Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php

Overview

General Information

Sample URL:	https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php
Analysis ID:	1430616
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 5880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2388,i,5551892867405834826,3016472368965618072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php	Avira URL Cloud: detection malicious, Label: phishing
Source: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Source: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php#login./user/settings/notification/1713911301-4e0rr70db9ec-2024-04-23/oauth2

HTTP Parser: Iframe src: https://www.

Source: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php#login./user/settings/notification/1713911301-4e0rr70db9ec-2024-04-23/oauth2

HTTP Parser: Number of links: 0

Source: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php#login./user/settings/notification/1713911301-4e0rr70db9ec-2024-04-23/oauth2

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php#login./user/settings/notification/1713911301-4e0rr70db9ec-2024-04-23/oauth2

HTTP Parser: <input type="password" .../> found

Source: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php#login./user/settings/notification/1713911301-4e0rr70db9ec-2024-04-23/oauth2

HTTP Parser: No <meta name="author".. found

Source: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php#login./user/settings/notification/1713911301-4e0rr70db9ec-2024-04-23/oauth2

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49730 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.61.214.98:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.214.98:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49733 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49730 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.61.214.98
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Source: global traffic	HTTP traffic detected: GET /4765445b-32c6-49b0-83e6-1d93765276ca.php HTTP/1.1Host: magnisteel.lkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://magnisteel.lk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_76e0875415977704da38.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://magnisteel.lk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://magnisteel.lksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://magnisteel.lk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_6f5648a25cfbe86f348c.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://magnisteel.lk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /); HTTP/1.1Host: magnisteel.lkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7og30ojr8a6kkj49ad66drp7q1
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://magnisteel.lk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://magnisteel.lk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /); HTTP/1.1Host: magnisteel.lkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=7og30ojr8a6kkj49ad66drp7q1
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5cXCgE7oZSKZd6C&MD=Uy42rKWm HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5cXCgE7oZSKZd6C&MD=Uy42rKWm HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: magnisteel.lk

Source: chromecache_69.2.dr, chromecache_74.2.dr, chromecache_68.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_72.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_72.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 23.61.214.98:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.214.98:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49733 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@22/20@29/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2388,i,5551892867405834826,3016472368965618072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2388,i,5551892867405834826,3016472368965618072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php	100%	Avira URL Cloud	phishing
https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_76e0875415977704da38.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_6f5648a25cfbe86f348c.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css	0%	Avira URL Cloud	safe
https://magnisteel.lk/);	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d26p066pn2w0s0.cloudfront.net	13.225.142.14	true	false		high
magnisteel.lk	107.155.77.34	true	false		unknown
google.com	142.251.2.100	true	false		high
cs1100.wpc.omegacdn.net	152.199.4.44	true	false		unknown
part-0041.t-0009.t-msedge.net	13.107.213.69	true	false		unknown
www.google.com	142.250.101.103	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false		unknown
aadcdn.msftauth.net	unknown	unknown	false		unknown
logo.clearbit.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_76e0875415977704da38.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_6f5648a25cfbe86f348c.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js	false	Avira URL Cloud: safe	unknown
https://logo.clearbit.com/	false		high
https://magnisteel.lk/);	false	Avira URL Cloud: safe	unknown
https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php#login./user/settings/notification/1713911301-4e0rr70db9ec-2024-04-23/oauth2	false		unknown
https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php	true		unknown
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://login.microsoftonline.com	chromecache_72.2.dr	false		high
https://github.com/douglascrockford/JSON-js	chromecache_69.2.dr, chromecache_74.2.dr, chromecache_68.2.dr	false		high
https://login.windows-ppe.net	chromecache_72.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.101.103	www.google.com	United States		15169	GOOGLEUS	false
107.155.77.34	magnisteel.lk	United States		29802	HVC-ASUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
13.225.142.14	d26p066pn2w0s0.cloudfront.net	United States		16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved		unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430616
Start date and time:	2024-04-24 00:27:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@22/20@29/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://passwordreset./?ru=https%3a%2f%2flogin.online.com%2fcommon%2freprocess%3fctx%3drQIIAYWSv4vTcADFL-1dPY8Tzx-DLnKDiChp02_SpDl0yF166a98c23SJulS0uSbNmnSpGnapP0LxMnJwdFFPATBSZycHG5yFMHNSRBEEHTzTmdxebzHe9v7bG3S-SLIF_PEnSzIE3s3KYYuUVRpgJPApHGKHRB4mUQ0XrRY8rQCDG0a0eWtHaq6-fXljU_Ss9eff-y01P1jbHcUx-Fsr1BIkiQf2LZjorwZ-AXPmFjOZLgArzHsPYY9yWygCS7sH2dmNMkwJAAliiwTDEvTpWJeUvRU9ztFyJuxqPQcKBOEqJigqXie6OuxrnZKcNXzoNob6ash1VNrJegOV9BvxaIrUmd76I7Tplr3ocvFPaHuQsUaQ78DdKW1-pi5KHHzeATOJIicFfqeOW8Hkd8Pg1n8JPs4c1iWhRKhd5whstvVpDpezniLIpYTq12PqvWIKkrNJXJSN6yFdaJBBSnPjec1R66wugX1AV_Zb_Gy7A_EZpqQLSJkDQg4wzA4ekmO-1L3QMSbqE-X7Vjcnx6VbXnO6D53gJhZb1Ki8Kk-lQ8r847L0I62MAyxpQk4VMfpKB7hDGshW2XkFLXiMOQVEjCeN1i27cZS6S2a8dwRovaBWhZDrSXhAjPQZCGelvVJJ5hqyXCGmkdkfW6wKy6VTbzBm0lVdVduOGjXu00IEMdVuKQBJAPZ1livVUWUBjVmeJQcZ6__494FeJXNnRo_mJxkmSBEE8faDaPAdjz0LyQWoCD9SdXAR3nO896vY1_WtzdzO9vXsN2121eJjZ_r2NONU84-3H147_6vF9Xnq3eNtzu31k42ClSZZfheJeh2hnItEjSO9WtS1OW7wlyFsSaPZodQG9jaoUHcp_aKj3LYo1zuJHepxvdhRZEVDvJcmwd94lsOe3Bu7c35_5L7cfvK1tbc6XuBaXhodvkvwW8vrP0G0&mkt=en-GB&hosted=0&device_platform=macOS

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.84, 142.251.2.100, 142.251.2.102, 142.251.2.138, 142.251.2.101, 142.251.2.139, 142.251.2.113, 34.104.35.123, 20.190.151.133, 20.190.151.69, 20.190.151.8, 20.190.151.68, 20.190.151.67, 20.190.151.7, 20.190.151.9, 20.190.151.131, 142.250.141.95, 74.125.137.95, 142.251.2.95, 199.232.210.172, 72.21.81.240, 192.229.211.108, 52.165.164.15, 20.242.39.171, 142.251.2.94
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, wu.ec.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, aadcdn.msauth.net, wu-bg-shim.trafficmanager.net, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 21:28:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985555929538374
Encrypted:	false
SSDEEP:	48:8UdQTUI6HyidAKZdA19ehwiZUklqehOy+3:83fXVy
MD5:	C81004456E148BE6324A79291EDE9981
SHA1:	6A63F0530909A592D9CD62BEB70DF12DE4CEE2F0
SHA-256:	605F005333B33AFC56E5037BE66F04EA3EEFDE08EE7918906C457E18280A786E
SHA-512:	C5706EC1E24BA7DCBB2E25FE1B2F428D025A4094D17BD5B95CDB4CC3531459C1CF9F1712D0B3D11EC24DDC93BDB1659B5E6D98F22892278AA2BD1FD640155BD2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....t....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............y%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 21:28:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.003065584527082
Encrypted:	false
SSDEEP:	48:8+dQTUI6HyidAKZdA1weh/iZUkAQkqehFy+2:81fd9QMy
MD5:	81731640C1BDA5E042BFE1EA3128E948
SHA1:	4305DBE35732DFBF3E5023266333EC41F6AD412F
SHA-256:	0ACD71EE38C6B734370D0A687EC06CAAEDD65B688326DD3D6207E786A4B57F76
SHA-512:	78380601E366E47509A92749BCD185F9619ED0AF2454E35DDA61EE57D7C5BAED991134032D40F7A1044C9D1E70CC72262D6FB0C387ECAB2BB21D6435168DDF2F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............y%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.009791573645341
Encrypted:	false
SSDEEP:	48:8xRdQTUIsHyidAKZdA14tseh7sFiZUkmgqeh7sTy+BX:8xUfDnRy
MD5:	75A326FB8C90F054C00F99907F065E46
SHA1:	E60C4325285C4AFC25A92A378D9489EC83595E15
SHA-256:	850853EED653EB485818F0E90E654E72D89B1378520DCBC6C50D14981FEEC78A
SHA-512:	F7B8095D2412B18342E05BC51B65549100B1E9999A350E8882A7A81F97D0F3B3E489A06F027FC07652F8125F25932278BA1FEB830D8E9227FFC126396A9A950E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............y%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 21:28:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.000716356849685
Encrypted:	false
SSDEEP:	48:8LOdQTUI6HyidAKZdA1vehDiZUkwqeh5y+R:8Bfeby
MD5:	20F217A633717D6232C020CB7F4C80A6
SHA1:	C4469C5E88D420AFCC013F8EFEC08DCADA2A294A
SHA-256:	47AA06D02CDCE927213B36C39AF7F7AFFB6CE851E6CF6D23B9ED8CB4FA59DD15
SHA-512:	B8673B9C4E823842BBB32EFB48A7B163374C97F6DA9EB3045288964F4E6A72546D8BE2F6116D73010AC75A88554A024D4E5331AD4890DABF85BE27C3918BF64D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............y%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 21:28:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9892732433337224
Encrypted:	false
SSDEEP:	48:8ldQTUI6HyidAKZdA1hehBiZUk1W1qeh/y+C:8ofu9fy
MD5:	53A74D1254EBE3F6288F145AEBF53B87
SHA1:	4C8CA04622965A93DE1478F7F4042BD7475D52AA
SHA-256:	EB1E4E55ADC9FA42147EEC87B2A24A1BE08763FF6549D12450C1FB871437C4B5
SHA-512:	91AB43E4FB68E899B12DD15DD3FA279DD4BF32429DC8966320AB70CBC26EA113FCB7390E89546D047D201088EE1DA0885322ACF610E1B87F84D580574A877453
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....X.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............y%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 21:28:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.000788908397433
Encrypted:	false
SSDEEP:	48:83dQTUI6HyidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8efQT/TbxWOvTbRy7T
MD5:	C8B5A877C1740455A1CF292507118465
SHA1:	F5AE41BBC510C8DDB8BC23F2C47421BD0F680B5A
SHA-256:	180DC2028630D0385FEEF9637719ADF5F018B6F1C8D3E40B7CB1F838BA6F962A
SHA-512:	309C7A872E9BB7B8A83D2B677DC2D0E29D6FA59E8F382795E53A04E548343FB5B1EE712E6AC45C47A228C6FFA22C61B43BA9BC5CC3F6FFB0561CE6637407AAFE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............y%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14519)
Category:	downloaded
Size (bytes):	15492
Entropy (8bit):	5.36570170772995
Encrypted:	false
SSDEEP:	384:DuMl71I2ZhJdP+2sOh+rF3pQnRiDZD9zL86Nv5Gc:9l1f0Qu86v4c
MD5:	BE9AA810D120B8D1F202871227F530E7
SHA1:	FE9B53CD6E17EC9A9604713DBED3D4F4EBF639B5
SHA-256:	0140DA8C4170309BAA728814F96185DE2C71BB6A9101D51CB040ECE949AA3128
SHA-512:	FBE0417A357127BB840FE68CDEB132CE2814F746F7FB4D294FF4725386B90816AD5653C157F719A5DDE257F0D94301C95961A0132FF0A280EE94AA318CB1D9C1
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[15],{453:function(e,n,s

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text, with very long lines (5861)
Category:	downloaded
Size (bytes):	6834
Entropy (8bit):	5.201686240611877
Encrypted:	false
SSDEEP:	96:jPjDXOMS1WfzcyJg7wieCAl9TTWzJcVwDcPRD5a1NLwCEL+Kia12j1L+E93LScNT:jP7rcyJYHuTTWz6VUqceLhcLpSU0MN
MD5:	BF87790C76797B166527F814CA2E7275
SHA1:	E94F31F0907889DD1E93AA5407397619E6F3A761
SHA-256:	E9B270D2A6AF5D01DD798963A97D66CE020DA7501B55C0239C0B5D7C1D5D2375
SHA-512:	70ACAAA1990C59F4C93ABEEDFA891C35A8DC7FFD092E15AF7FF0A76A5466A875251864DAAF8B6B4754095AEB5F0F0513972F1C21794CD49461317D2E223C5C2E
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_76e0875415977704da38.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[17],{441:function(i,e,n

Chrome Cache Entry: 70

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.280394654123194
Encrypted:	false
SSDEEP:	3:6ATunSwVinY:uSgiY
MD5:	2E169B594939E8A3064EBB0EC676FFBC
SHA1:	E32F2FE8AB60F7D7C43A77DA0644B19B99FECC4A
SHA-256:	3708DDD470F736E9200BE94C4CABAF1434560E25FFE7155986879EDBCF269F66
SHA-512:	9C555AB34EFE3F0193A287DEC59EEA357F1A8273238AD2E34636CDC6E8BE9506DBFEA50A4706C004D174ED2C0132C98BC639BD1F9F02B3FABF953D9228D772CE
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwm1CE7fzEUKixIFDU9-u70SBQ2L6Jwp?alt=proto
Preview:	ChIKBw1Pfru9GgAKBw2L6JwpGgA=

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (61177)
Category:	downloaded
Size (bytes):	110118
Entropy (8bit):	5.288593644108406
Encrypted:	false
SSDEEP:	1536:QpHDgBvguhw+EViazA/PWrF7qvEAFiQcpmUyDzz6yVUns:xktHyVUs
MD5:	29F1D1172158F929B64CC926E4521C0B
SHA1:	AF19579C25EBBFD3BBC82A5AB77479647FE02AB8
SHA-256:	8B6A3B17737161E5FE8C29E401372A94B8E650226CF0CD17B4C3C4DE5B380B11
SHA-512:	DA984750F76BF1795737A507163E4180767D8688E4A55ED343363A831DB0E601702DE4F3AEC4D21F88D014B355CD296B422CABCBC7C8A236AAD65F19FF43383D
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. //*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Category:	downloaded
Size (bytes):	2347
Entropy (8bit):	5.290031538794594
Encrypted:	false
SSDEEP:	48:gCgF0+kNL5iQ6+GhB+SYWzGuesAFcsGJOzgO6FIEv+sj+M++sx+suse+swsosmC0:gC3Na5+GX+Ti2XsYE2sqAsosushswsoB
MD5:	E86EF8B6111E5FB1D1665BCDC90888C9
SHA1:	994BF7651CB967CD9053056AF2D69ACB74DB7F29
SHA-256:	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
SHA-512:	2486B491681EE91A9CD1ECC9AA011A3FB34B48358C5D7A4D503A5357BC5CE4CA22999F918D40AC60A3063940D5F326FC7E4E5713D89D5C102DE68824E371B3AB
Malicious:	false
Reputation:	low
URL:	https://login.live.com/Me.htm?v=3
Preview:	<script type="text/javascript">!function(n,t){for(var e in t)n[e]=t[e]}(this,function(n){function t(i){if(e[i])return e[i].exports;var s=e[i]={exports:{},id:i,loaded:!1};return n[i].call(s.exports,s,s.exports,t),s.loaded=!0,s.exports}var e={};return t.m=n,t.c=e,t.p="",t(0)}([function(n,t){function e(n){for(var t=g[c],e=0,i=t.length;e<i;++e)if(t[e]===n)return!0;return!1}function i(n){if(!n)return null;for(var t=n+"=",e=document.cookie.split(";"),i=0,s=e.length;i<s;i++){var o=e[i].replace(/^\s(\w+)\s=\s*/,"$1=").replace(/(\s+$)/,"");if(0===o.indexOf(t))return o.substring(t.length)}return null}function s(n,t,e){if(n)for(var i=n.split(":"),s=null,o=0,a=i.length;o<a;++o){var l=null,c=i[o].split("$");if(0===o&&(s=parseInt(c.shift()),!s))return;var p=c.length;if(p>=1){var f=r(s,c[0]);if(!f\|\|e[f])continue;l={signInName:f,idp:"msa",isSignedIn:!0}}if(p>=3&&(l.firstName=r(s,c[1]),l.lastName=r(s,c[2])),p>=4){var g=c[3],m=g.split("\|");l.otherHashedAliases=m}if(p>=5){var h=parseInt(c[4],16);h&&(l.

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (32002)
Category:	downloaded
Size (bytes):	43235
Entropy (8bit):	5.403375350187382
Encrypted:	false
SSDEEP:	768:L2SEQOfl7fuFi1tDfrKKvU9KNa3DRhDuNq+J/Png3l88zkcSS7cgTPRUbx3Tg/q1:pti1tDfrKKvU9KNa3DRhDug+J/Png18D
MD5:	FA18DC190C5F6455340B0CDB2DA083A9
SHA1:	7ADE83BA171ABEE5803D093CCA708D45954EB4FA
SHA-256:	A423AC7E2310BC44A1DEFEB1F6DF180CAB8A59442E7F41D093F21649FCC86E69
SHA-512:	10025A85B1659DA9750C06286011790A4816AA7CC7A8DA98C8CD42F4EE25B61BFC879C446ABA98D0F8511875DD4DB1E039B5992AE0B5C3FA372012CC0A9205FA
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
Preview:	!function(e){function o(i){if(n[i])return n[i].exports;var t=n[i]={exports:{},id:i,loaded:!1};return e[i].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var n={};return o.m=e,o.c=n,o.p="",o(0)}([function(e,o,n){n(2);var i=n(1),t=n(4),r=n(5),a=r.StringsVariantId,s=r.AllowedIdentitiesType;i.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var n=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(n,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19103)
Category:	downloaded
Size (bytes):	20076
Entropy (8bit):	5.17360743823565
Encrypted:	false
SSDEEP:	384:DMQy3PzqfF/pYQ2wVzZOOqw/AiupVnPiAA:cOphrxYA
MD5:	F34D7D00BDC2F226C7F96169A9614C99
SHA1:	3AFAE44C54B14EFAF24452D3CA4F0553815DBF38
SHA-256:	7CB7621F3EB49C78B89D119106CF42981A3075DA154DC96AF6CA24F8F68C6F53
SHA-512:	82728C33BF960398918842B37BA717D75388C8B57D424ADADDFB43A01BE6627C77659708086836E36AFBCFA61ACDEE30D512107499684F1FFE94C09080807343
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_6f5648a25cfbe86f348c.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[24],{432:function(e,n,i

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 00:28:12.742136955 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:12.742149115 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:12.851514101 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:20.942511082 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:20.942564011 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:20.942645073 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:20.943645954 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:20.943713903 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:20.943782091 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:20.944226980 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:20.944262028 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:20.944979906 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:20.945014954 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.345129967 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.345411062 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.345448971 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.346422911 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.346645117 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.346689939 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.347109079 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.347194910 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.348133087 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.348191023 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.348216057 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.348288059 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.348756075 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.348773003 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.349090099 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.349179983 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.460603952 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.460608959 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.460655928 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.546791077 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:21.546834946 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:21.546931028 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:21.547133923 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:21.547151089 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:21.663410902 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.759692907 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.759752989 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.759776115 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.759907961 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.759957075 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:21.856965065 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:21.924120903 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:21.924480915 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:21.924508095 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:21.926129103 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:21.926213026 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:21.927182913 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:21.927265882 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:21.934297085 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.934361935 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:21.934446096 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.934585094 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.934613943 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:21.934669018 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.934791088 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.934833050 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:21.934881926 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.934920073 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.935004950 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:21.935074091 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.935146093 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.935175896 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:21.935369968 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.935384989 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:21.935947895 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.935960054 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:21.936284065 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:21.936321020 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.049606085 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.049633026 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.049669027 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.049741030 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.049804926 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.061321974 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:22.061350107 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:22.239793062 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.239818096 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.239861965 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.239885092 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.239948034 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.239985943 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240022898 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240044117 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240065098 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240082979 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.240129948 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240168095 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.240243912 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240314007 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.240329981 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240372896 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.240386009 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240513086 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.240562916 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.240850925 CEST	49709	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:22.240885019 CEST	443	49709	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:22.262190104 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:22.432249069 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.432512045 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.432542086 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.433958054 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.434041023 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.434693098 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.437777996 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.437886000 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.442347050 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.442512989 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.442646980 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.442667007 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.442882061 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.442915916 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.443098068 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.443120003 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.443334103 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.443373919 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.444199085 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.444278002 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.444478035 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.444542885 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.444678068 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.444741964 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.447628021 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.447712898 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.448477983 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.448565960 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.448740005 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.448843956 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.448879957 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.448888063 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.448987961 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.449002981 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.449029922 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.449048996 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.460355997 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:22.460532904 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:22.460545063 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:22.648118973 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.648284912 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.650372028 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.650373936 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.650557041 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.750324965 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.750885010 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.750905037 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.750997066 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.751050949 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.751084089 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.751116991 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.751622915 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.751800060 CEST	49717	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.751852989 CEST	443	49717	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752401114 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752424002 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752443075 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752470016 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.752485037 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752504110 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752506018 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.752532005 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.752536058 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752564907 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.752584934 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752599001 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.752645969 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752691031 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.752701044 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752737999 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.752816916 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.752857924 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.753920078 CEST	49716	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.753958941 CEST	443	49716	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.757574081 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.763190985 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.763341904 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.763369083 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.763411999 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.763431072 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.763448954 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.763473034 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.763520002 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.763567924 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.763910055 CEST	49715	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.763921976 CEST	443	49715	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.778017998 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.778042078 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.778084040 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.778104067 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.778121948 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.778122902 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.778155088 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.778172016 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.778172970 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.778202057 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.778229952 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.804526091 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.804553032 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.804610968 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.804626942 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.804657936 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.804683924 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.804693937 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.804713011 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.804730892 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.804752111 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.804771900 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.804795980 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.930906057 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.930928946 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.930969000 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.930988073 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.931013107 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.931035042 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.931071043 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.955121994 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.955141068 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.955189943 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.955216885 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.955234051 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.955257893 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.955275059 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.955288887 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.955296040 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.955312014 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.955328941 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.955346107 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.955372095 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.955372095 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:22.955423117 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:22.955497980 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:22.955920935 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:22.955948114 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:22.977871895 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.977893114 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.977930069 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.977947950 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.977958918 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:22.977996111 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:22.978013039 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.002465010 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.002485037 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.002535105 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.002538919 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.002553940 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.002578020 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.002598047 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.002624035 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.002645016 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.054529905 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.054548025 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.087485075 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.087524891 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.087559938 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.087733030 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.090936899 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.092163086 CEST	49714	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.092184067 CEST	443	49714	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.121072054 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.121129990 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.121221066 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.131467104 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.137253046 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.137279034 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.172147989 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.287723064 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:23.287976027 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.287998915 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:23.289509058 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:23.289599895 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.291729927 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.291821957 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:23.291924000 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.291939974 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:23.336896896 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.371850014 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.375366926 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.375463009 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.382683039 CEST	49710	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.382723093 CEST	443	49710	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.579600096 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.579639912 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.579710007 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.579911947 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.579927921 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.621671915 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.621944904 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.621977091 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.622467041 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.622776031 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.622865915 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.622924089 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.664125919 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.723117113 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:23.723325014 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:23.723395109 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.723973036 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.724000931 CEST	443	49718	13.225.142.14	192.168.2.5
Apr 24, 2024 00:28:23.724026918 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.724051952 CEST	49718	443	192.168.2.5	13.225.142.14
Apr 24, 2024 00:28:23.747399092 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:23.747426987 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:23.747503996 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:23.749337912 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:23.749351978 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:23.915780067 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 24, 2024 00:28:23.915900946 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:23.946986914 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.947807074 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.947829008 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.947877884 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.947905064 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.947921991 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.947956085 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.948688984 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.948710918 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.948748112 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.948755980 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:23.948769093 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:23.969706059 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.969922066 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.969933987 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.971398115 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.971461058 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.971775055 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.971851110 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:23.971878052 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:23.994013071 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:24.016120911 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:24.024956942 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:24.024964094 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:24.071070910 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:24.088723898 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.090487003 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.097487926 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.097505093 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.097903967 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.108815908 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:24.108865976 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:24.108927011 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:24.108985901 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:24.109041929 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:24.109047890 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:24.109111071 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:24.113581896 CEST	49719	443	192.168.2.5	152.199.4.44
Apr 24, 2024 00:28:24.113612890 CEST	443	49719	152.199.4.44	192.168.2.5
Apr 24, 2024 00:28:24.149836063 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.161515951 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.204135895 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.400465012 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.400659084 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.400717020 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.400917053 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.400935888 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.400945902 CEST	49723	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.400952101 CEST	443	49723	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.442867041 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.442894936 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.442979097 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.443434954 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.443449974 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.655736923 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:24.659028053 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:24.659084082 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:24.659178972 CEST	49722	443	192.168.2.5	107.155.77.34
Apr 24, 2024 00:28:24.659198999 CEST	443	49722	107.155.77.34	192.168.2.5
Apr 24, 2024 00:28:24.775238037 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.775326014 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.779287100 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.779294968 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.779951096 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:24.781944990 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:24.828121901 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:25.091273069 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:25.091516972 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:25.091576099 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:25.092664957 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:25.092678070 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:25.092695951 CEST	49724	443	192.168.2.5	23.61.214.98
Apr 24, 2024 00:28:25.092701912 CEST	443	49724	23.61.214.98	192.168.2.5
Apr 24, 2024 00:28:31.932090044 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:31.932272911 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:31.932395935 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:33.102010012 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:33.102076054 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:33.102164030 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:33.103514910 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:33.103547096 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:33.296684980 CEST	49713	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:28:33.296696901 CEST	443	49713	142.250.101.103	192.168.2.5
Apr 24, 2024 00:28:33.699855089 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:33.700079918 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:33.708398104 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:33.708452940 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:33.708830118 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:33.757369041 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:34.716768026 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:34.760143995 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.040452003 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:35.041815996 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:35.046564102 CEST	49730	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:35.046591043 CEST	443	49730	23.1.237.91	192.168.2.5
Apr 24, 2024 00:28:35.046678066 CEST	49730	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:35.047753096 CEST	49730	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:35.047766924 CEST	443	49730	23.1.237.91	192.168.2.5
Apr 24, 2024 00:28:35.099850893 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.099910975 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.099948883 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.099981070 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.100003958 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.100019932 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.100033998 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.100049973 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.100061893 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.100096941 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.100096941 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.100234985 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.100297928 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.100325108 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.100454092 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.100506067 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.201236963 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 24, 2024 00:28:35.203152895 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 24, 2024 00:28:35.386959076 CEST	443	49730	23.1.237.91	192.168.2.5
Apr 24, 2024 00:28:35.387038946 CEST	49730	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:28:35.608342886 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.608386040 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:35.608417034 CEST	49725	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:28:35.608436108 CEST	443	49725	13.85.23.86	192.168.2.5
Apr 24, 2024 00:28:54.549974918 CEST	443	49730	23.1.237.91	192.168.2.5
Apr 24, 2024 00:28:54.550189972 CEST	49730	443	192.168.2.5	23.1.237.91
Apr 24, 2024 00:29:12.636934996 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:12.636985064 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:12.639168024 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:12.639611959 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:12.639631987 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.231399059 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.231489897 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.235318899 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.235327959 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.235666037 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.244117975 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.292119026 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806164980 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806222916 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806266069 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806284904 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.806302071 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806340933 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.806360006 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.806430101 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806524038 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.806529999 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806576967 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806619883 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.806628942 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806687117 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.806780100 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.811285973 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.811285973 CEST	49733	443	192.168.2.5	13.85.23.86
Apr 24, 2024 00:29:13.811310053 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:13.811320066 CEST	443	49733	13.85.23.86	192.168.2.5
Apr 24, 2024 00:29:21.446532965 CEST	49735	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:29:21.446609020 CEST	443	49735	142.250.101.103	192.168.2.5
Apr 24, 2024 00:29:21.446703911 CEST	49735	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:29:21.446980000 CEST	49735	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:29:21.447014093 CEST	443	49735	142.250.101.103	192.168.2.5
Apr 24, 2024 00:29:21.811191082 CEST	443	49735	142.250.101.103	192.168.2.5
Apr 24, 2024 00:29:21.811501980 CEST	49735	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:29:21.811537027 CEST	443	49735	142.250.101.103	192.168.2.5
Apr 24, 2024 00:29:21.812644958 CEST	443	49735	142.250.101.103	192.168.2.5
Apr 24, 2024 00:29:21.812979937 CEST	49735	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:29:21.813162088 CEST	443	49735	142.250.101.103	192.168.2.5
Apr 24, 2024 00:29:21.866692066 CEST	49735	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:29:31.810420990 CEST	443	49735	142.250.101.103	192.168.2.5
Apr 24, 2024 00:29:31.810590029 CEST	443	49735	142.250.101.103	192.168.2.5
Apr 24, 2024 00:29:31.810707092 CEST	49735	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:29:33.280124903 CEST	49735	443	192.168.2.5	142.250.101.103
Apr 24, 2024 00:29:33.280152082 CEST	443	49735	142.250.101.103	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 00:28:18.133416891 CEST	53	58394	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:18.134130001 CEST	53	63593	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:19.152148008 CEST	52375	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:19.152388096 CEST	64173	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:19.338288069 CEST	53	56245	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:19.703533888 CEST	53	52375	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:19.714626074 CEST	53	64173	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:20.940542936 CEST	50994	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:20.941158056 CEST	58363	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:21.096220970 CEST	53	50994	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:21.096256971 CEST	53	58363	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:21.390103102 CEST	65044	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:21.390391111 CEST	55656	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:21.545346975 CEST	53	55656	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:21.545919895 CEST	53	65044	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:21.778122902 CEST	49947	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:21.778218985 CEST	60675	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:21.933523893 CEST	53	49947	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:21.933641911 CEST	53	60675	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:22.757113934 CEST	49263	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:22.757251024 CEST	65154	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:22.913533926 CEST	53	49263	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:22.954855919 CEST	53	65154	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:23.130886078 CEST	60857	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:23.131023884 CEST	50731	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:23.326773882 CEST	53	50731	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:23.329206944 CEST	53	50692	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:23.343553066 CEST	53	60857	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:23.344278097 CEST	59995	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:23.424947977 CEST	63858	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:23.425090075 CEST	65171	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:23.498156071 CEST	53	59995	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:23.522541046 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:23.578953981 CEST	53	65171	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:23.579111099 CEST	53	63858	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:24.273654938 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:25.033201933 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:31.325673103 CEST	61350	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:31.344666958 CEST	64748	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:31.541831017 CEST	53	64748	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:31.542216063 CEST	53	61350	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:31.543003082 CEST	58989	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:31.696969986 CEST	53	58989	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:31.702800989 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:32.460546017 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:33.210891962 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:34.058257103 CEST	50486	53	192.168.2.5	8.8.8.8
Apr 24, 2024 00:28:34.058571100 CEST	63559	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:34.214365959 CEST	53	63559	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:34.229968071 CEST	53	50486	8.8.8.8	192.168.2.5
Apr 24, 2024 00:28:35.068478107 CEST	63053	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:35.068624973 CEST	58521	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:35.224355936 CEST	53	63053	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:35.224786997 CEST	53	58521	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:35.238698959 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:35.992384911 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:36.744950056 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:37.199561119 CEST	53	61506	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:42.797359943 CEST	61592	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:42.798315048 CEST	60984	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:42.953722954 CEST	53	61592	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:42.955229998 CEST	53	60984	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:42.956377983 CEST	57991	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:28:43.112425089 CEST	53	57991	1.1.1.1	192.168.2.5
Apr 24, 2024 00:28:43.113434076 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:43.867063046 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:44.619062901 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:28:58.587244987 CEST	53	58872	1.1.1.1	192.168.2.5
Apr 24, 2024 00:29:15.663136005 CEST	59409	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:29:15.663295031 CEST	54447	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:29:15.819787025 CEST	53	54447	1.1.1.1	192.168.2.5
Apr 24, 2024 00:29:15.820173979 CEST	53	59409	1.1.1.1	192.168.2.5
Apr 24, 2024 00:29:15.820831060 CEST	51327	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:29:15.977346897 CEST	53	51327	1.1.1.1	192.168.2.5
Apr 24, 2024 00:29:15.977813005 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:29:16.728210926 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:29:17.257605076 CEST	53	57927	1.1.1.1	192.168.2.5
Apr 24, 2024 00:29:17.482203007 CEST	137	137	192.168.2.5	192.168.2.255
Apr 24, 2024 00:29:23.976913929 CEST	53	58202	1.1.1.1	192.168.2.5
Apr 24, 2024 00:29:30.305774927 CEST	61822	53	192.168.2.5	1.1.1.1
Apr 24, 2024 00:29:30.461402893 CEST	53	61822	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 24, 2024 00:28:21.096391916 CEST	192.168.2.5	1.1.1.1	c1f4	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 00:28:19.152148008 CEST	192.168.2.5	1.1.1.1	0xa363	Standard query (0)	magnisteel.lk	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:19.152388096 CEST	192.168.2.5	1.1.1.1	0x32d	Standard query (0)	magnisteel.lk	65	IN (0x0001)	false
Apr 24, 2024 00:28:20.940542936 CEST	192.168.2.5	1.1.1.1	0x4b4f	Standard query (0)	magnisteel.lk	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:20.941158056 CEST	192.168.2.5	1.1.1.1	0x8bca	Standard query (0)	magnisteel.lk	65	IN (0x0001)	false
Apr 24, 2024 00:28:21.390103102 CEST	192.168.2.5	1.1.1.1	0x533b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.390391111 CEST	192.168.2.5	1.1.1.1	0x7b65	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 00:28:21.778122902 CEST	192.168.2.5	1.1.1.1	0x79c	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.778218985 CEST	192.168.2.5	1.1.1.1	0x9a01	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 24, 2024 00:28:22.757113934 CEST	192.168.2.5	1.1.1.1	0x3a50	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:22.757251024 CEST	192.168.2.5	1.1.1.1	0x8a51	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false
Apr 24, 2024 00:28:23.130886078 CEST	192.168.2.5	1.1.1.1	0x3d34	Standard query (0)	www	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:23.131023884 CEST	192.168.2.5	1.1.1.1	0x5424	Standard query (0)	www	65	IN (0x0001)	false
Apr 24, 2024 00:28:23.344278097 CEST	192.168.2.5	1.1.1.1	0x726c	Standard query (0)	www	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:23.424947977 CEST	192.168.2.5	1.1.1.1	0x3288	Standard query (0)	magnisteel.lk	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:23.425090075 CEST	192.168.2.5	1.1.1.1	0xe2d8	Standard query (0)	magnisteel.lk	65	IN (0x0001)	false
Apr 24, 2024 00:28:31.325673103 CEST	192.168.2.5	1.1.1.1	0xa606	Standard query (0)	passwordreset	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:31.344666958 CEST	192.168.2.5	1.1.1.1	0x76b0	Standard query (0)	passwordreset	65	IN (0x0001)	false
Apr 24, 2024 00:28:31.543003082 CEST	192.168.2.5	1.1.1.1	0x301d	Standard query (0)	passwordreset	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.058257103 CEST	192.168.2.5	8.8.8.8	0xa6ab	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.058571100 CEST	192.168.2.5	1.1.1.1	0x6f44	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:35.068478107 CEST	192.168.2.5	1.1.1.1	0x56a9	Standard query (0)	passwordreset	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:35.068624973 CEST	192.168.2.5	1.1.1.1	0xd5ac	Standard query (0)	passwordreset	65	IN (0x0001)	false
Apr 24, 2024 00:28:42.797359943 CEST	192.168.2.5	1.1.1.1	0x5594	Standard query (0)	passwordreset	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:42.798315048 CEST	192.168.2.5	1.1.1.1	0xba11	Standard query (0)	passwordreset	65	IN (0x0001)	false
Apr 24, 2024 00:28:42.956377983 CEST	192.168.2.5	1.1.1.1	0x9bc4	Standard query (0)	passwordreset	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:29:15.663136005 CEST	192.168.2.5	1.1.1.1	0xdaed	Standard query (0)	passwordreset	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:29:15.663295031 CEST	192.168.2.5	1.1.1.1	0x7c7e	Standard query (0)	passwordreset	65	IN (0x0001)	false
Apr 24, 2024 00:29:15.820831060 CEST	192.168.2.5	1.1.1.1	0x5a84	Standard query (0)	passwordreset	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:29:30.305774927 CEST	192.168.2.5	1.1.1.1	0x89aa	Standard query (0)	passwordreset	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 00:28:19.703533888 CEST	1.1.1.1	192.168.2.5	0xa363	No error (0)	magnisteel.lk		107.155.77.34	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.096220970 CEST	1.1.1.1	192.168.2.5	0x4b4f	No error (0)	magnisteel.lk		107.155.77.34	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.545346975 CEST	1.1.1.1	192.168.2.5	0x7b65	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 00:28:21.545919895 CEST	1.1.1.1	192.168.2.5	0x533b	No error (0)	www.google.com		142.250.101.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.545919895 CEST	1.1.1.1	192.168.2.5	0x533b	No error (0)	www.google.com		142.250.101.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.545919895 CEST	1.1.1.1	192.168.2.5	0x533b	No error (0)	www.google.com		142.250.101.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.545919895 CEST	1.1.1.1	192.168.2.5	0x533b	No error (0)	www.google.com		142.250.101.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.545919895 CEST	1.1.1.1	192.168.2.5	0x533b	No error (0)	www.google.com		142.250.101.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.545919895 CEST	1.1.1.1	192.168.2.5	0x533b	No error (0)	www.google.com		142.250.101.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.933523893 CEST	1.1.1.1	192.168.2.5	0x79c	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 00:28:21.933523893 CEST	1.1.1.1	192.168.2.5	0x79c	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:21.933641911 CEST	1.1.1.1	192.168.2.5	0x9a01	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 00:28:22.091886044 CEST	1.1.1.1	192.168.2.5	0x1908	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 00:28:22.091886044 CEST	1.1.1.1	192.168.2.5	0x1908	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:22.091886044 CEST	1.1.1.1	192.168.2.5	0x1908	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:22.913533926 CEST	1.1.1.1	192.168.2.5	0x3a50	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 00:28:22.913533926 CEST	1.1.1.1	192.168.2.5	0x3a50	No error (0)	d26p066pn2w0s0.cloudfront.net		13.225.142.14	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:22.913533926 CEST	1.1.1.1	192.168.2.5	0x3a50	No error (0)	d26p066pn2w0s0.cloudfront.net		13.225.142.22	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:22.913533926 CEST	1.1.1.1	192.168.2.5	0x3a50	No error (0)	d26p066pn2w0s0.cloudfront.net		13.225.142.83	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:22.913533926 CEST	1.1.1.1	192.168.2.5	0x3a50	No error (0)	d26p066pn2w0s0.cloudfront.net		13.225.142.90	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:22.954855919 CEST	1.1.1.1	192.168.2.5	0x8a51	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 00:28:23.326773882 CEST	1.1.1.1	192.168.2.5	0x5424	Name error (3)	www	none	none	65	IN (0x0001)	false
Apr 24, 2024 00:28:23.343553066 CEST	1.1.1.1	192.168.2.5	0x3d34	Name error (3)	www	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:23.498156071 CEST	1.1.1.1	192.168.2.5	0x726c	Name error (3)	www	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:23.579111099 CEST	1.1.1.1	192.168.2.5	0x3288	No error (0)	magnisteel.lk		107.155.77.34	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:31.541831017 CEST	1.1.1.1	192.168.2.5	0x76b0	Name error (3)	passwordreset	none	none	65	IN (0x0001)	false
Apr 24, 2024 00:28:31.542216063 CEST	1.1.1.1	192.168.2.5	0xa606	Name error (3)	passwordreset	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:31.696969986 CEST	1.1.1.1	192.168.2.5	0x301d	Name error (3)	passwordreset	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.214365959 CEST	1.1.1.1	192.168.2.5	0x6f44	No error (0)	google.com		142.251.2.100	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.214365959 CEST	1.1.1.1	192.168.2.5	0x6f44	No error (0)	google.com		142.251.2.138	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.214365959 CEST	1.1.1.1	192.168.2.5	0x6f44	No error (0)	google.com		142.251.2.101	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.214365959 CEST	1.1.1.1	192.168.2.5	0x6f44	No error (0)	google.com		142.251.2.102	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.214365959 CEST	1.1.1.1	192.168.2.5	0x6f44	No error (0)	google.com		142.251.2.139	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.214365959 CEST	1.1.1.1	192.168.2.5	0x6f44	No error (0)	google.com		142.251.2.113	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.229968071 CEST	8.8.8.8	192.168.2.5	0xa6ab	No error (0)	google.com		142.251.40.46	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:34.688227892 CEST	1.1.1.1	192.168.2.5	0x146b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 00:28:34.688227892 CEST	1.1.1.1	192.168.2.5	0x146b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:35.224355936 CEST	1.1.1.1	192.168.2.5	0x56a9	Name error (3)	passwordreset	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:35.224786997 CEST	1.1.1.1	192.168.2.5	0xd5ac	Name error (3)	passwordreset	none	none	65	IN (0x0001)	false
Apr 24, 2024 00:28:42.953722954 CEST	1.1.1.1	192.168.2.5	0x5594	Name error (3)	passwordreset	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:28:42.955229998 CEST	1.1.1.1	192.168.2.5	0xba11	Name error (3)	passwordreset	none	none	65	IN (0x0001)	false
Apr 24, 2024 00:28:43.112425089 CEST	1.1.1.1	192.168.2.5	0x9bc4	Name error (3)	passwordreset	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:29:15.819787025 CEST	1.1.1.1	192.168.2.5	0x7c7e	Name error (3)	passwordreset	none	none	65	IN (0x0001)	false
Apr 24, 2024 00:29:15.820173979 CEST	1.1.1.1	192.168.2.5	0xdaed	Name error (3)	passwordreset	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:29:15.977346897 CEST	1.1.1.1	192.168.2.5	0x5a84	Name error (3)	passwordreset	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 00:29:30.461402893 CEST	1.1.1.1	192.168.2.5	0x89aa	Name error (3)	passwordreset	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

magnisteel.lk

https:

aadcdn.msftauth.net

logo.clearbit.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49709	107.155.77.34	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:21 UTC	696	OUT	GET /4765445b-32c6-49b0-83e6-1d93765276ca.php HTTP/1.1 Host: magnisteel.lk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 22:28:21 UTC	380	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 22:28:21 GMT Server: Apache X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=7og30ojr8a6kkj49ad66drp7q1; path=/ Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-23 22:28:21 UTC	4409	IN	Data Raw: 31 31 33 31 0d 0a 0a 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e Data Ascii: 1131<html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" conten
2024-04-23 22:28:22 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 22 20 70 61 64 64 69 6e 67 2d 74 6f 70 3d 22 31 30 70 78 22 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 22 20 61 6c 6c 6f 77 74 72 61 6e 73 70 61 72 65 6e 63 79 20 3d 20 22 74 72 75 65 22 20 73 74 79 6c 65 3d 22 66 2d 77 65 62 6b 69 74 2d 66 69 6c 74 65 72 3a 20 62 6c 75 72 28 33 70 78 29 3b 0a 20 20 2d 6d 6f 7a 2d 66 69 6c 74 65 72 3a 20 62 6c 75 72 28 33 70 78 29 3b 0a 20 20 2d 6f 2d 66 69 6c 74 65 72 3a 20 62 6c 75 72 28 33 70 78 29 3b 0a 20 20 2d 6d 73 2d 66 69 6c 74 65 72 3a 20 62 6c 75 72 28 33 70 78 29 3b 0a 20 20 66 69 6c 74 65 72 3a 20 62 6c 75 72 28 33 70 78 29 3b 22 3e 3c 2f 69 66 72 61 6d 65 3e 20 0a 20 20 20 20 20 20 20 20 3c Data Ascii: 1f40" width="100%" height="100%" padding-top="10px"frameborder="0" alt="" allowtransparency = "true" style="f-webkit-filter: blur(3px); -moz-filter: blur(3px); -o-filter: blur(3px); -ms-filter: blur(3px); filter: blur(3px);"></iframe> <
2024-04-23 22:28:22 UTC	7822	IN	Data Raw: 20 61 72 69 61 2d 68 69 64 64 65 6e 20 74 72 75 65 20 68 61 73 20 62 65 65 6e 20 61 64 64 65 64 2e 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 6c 6f 67 69 6e 66 6d 74 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 6d 6f 76 65 4f 66 66 53 63 72 65 65 6e 2c 20 76 61 6c 75 65 3a 20 75 6e 73 61 66 65 5f 64 69 73 70 6c 61 79 4e 61 6d 65 22 20 63 6c 61 73 73 3d 22 6d 6f 76 65 4f 66 66 53 63 72 65 65 6e 22 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 74 79 70 65 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 76 61 6c Data Ascii: aria-hidden true has been added. --> <input type="text" name="loginfmt" data-bind="moveOffScreen, value: unsafe_displayName" class="moveOffScreen" tabindex="-1" aria-hidden="true"> <input type="hidden" name="type" data-bind="val
2024-04-23 22:28:22 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-04-23 22:28:22 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 73 3a 20 7b 20 27 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 27 3a 20 69 73 50 72 69 6d 61 72 79 42 75 74 74 6f 6e 56 69 73 69 62 6c 65 20 7d 22 20 63 6c 61 73 73 3d 22 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 22 3e 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 69 73 20 6e 65 65 64 65 64 20 69 6e 2d 61 64 64 69 74 69 6f 6e 20 74 6f 20 27 74 79 70 65 27 20 69 6e 20 70 72 69 6d 61 72 79 42 75 74 74 6f 6e 41 74 74 72 69 62 75 74 65 73 20 6f 62 73 65 72 76 61 62 6c 65 20 74 6f 20 73 75 70 70 6f 72 74 20 49 45 38 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 69 64 3d 22 69 64 53 49 42 75 74 74 6f 6e 39 22 20 63 6c 61 73 73 3d 22 77 69 6e 2d 62 75 74 74 6f 6e 20 Data Ascii: 1f40s: { 'inline-block': isPrimaryButtonVisible }" class="inline-block"> ... type="submit" is needed in-addition to 'type' in primaryButtonAttributes observable to support IE8 --> <input type="submit" id="idSIButton9" class="win-button
2024-04-23 22:28:22 UTC	3489	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 27 66 6f 6f 74 65 72 27 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 27 3a 20 21 24 70 61 67 65 2e 75 73 65 44 65 66 61 75 6c 74 42 61 63 6b 67 72 6f 75 6e 64 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 62 61 63 6b 67 72 6f 75 6e 64 2d 61 6c 77 61 79 73 2d 76 69 73 69 62 6c 65 27 3a 20 24 70 61 67 65 2e 62 61 63 6b 67 72 6f 75 6e 64 4c 6f 67 6f 55 72 6c 20 7d 22 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 20 65 78 74 2d 66 6f 6f 74 65 72 20 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 20 65 78 74 2d 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 22 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 64 61 74 61 2d 62 69 6e 64 3d 22 63 6f 6d 70 6f 6e 65 6e 74 3a 20 7b Data Ascii: 'footer': true, 'has-background': !$page.useDefaultBackground(), 'background-always-visible': $page.backgroundLogoUrl }" class="footer ext-footer has-background ext-has-background"> <div data-bind="component: {
2024-04-23 22:28:22 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-04-23 22:28:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49717	152.199.4.44	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:22 UTC	610	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://magnisteel.lk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 22:28:22 UTC	747	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 52684 Cache-Control: public, max-age=31536000 Content-MD5: iY5CLUIh9JBLJeGkywpVeQ== Content-Type: application/x-javascript Date: Tue, 23 Apr 2024 22:28:22 GMT Etag: 0x8D997E5DC79B53A Last-Modified: Mon, 25 Oct 2021 18:32:55 GMT Server: ECAcc (laa/7B72) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 8fddf024-201e-00b5-0f52-95ab68000000 x-ms-version: 2009-09-19 Content-Length: 15492 Connection: close
2024-04-23 22:28:22 UTC	15492	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49715	152.199.4.44	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:22 UTC	606	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_76e0875415977704da38.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://magnisteel.lk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 22:28:22 UTC	746	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 52684 Cache-Control: public, max-age=31536000 Content-MD5: 1A1WnDfolxSryQ87DZzNXQ== Content-Type: application/x-javascript Date: Tue, 23 Apr 2024 22:28:22 GMT Etag: 0x8D997E5DC900061 Last-Modified: Mon, 25 Oct 2021 18:32:55 GMT Server: ECAcc (laa/7B8B) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: b8d9e5a5-401e-0063-6b52-956502000000 x-ms-version: 2009-09-19 Content-Length: 6834 Connection: close
2024-04-23 22:28:22 UTC	6834	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49714	152.199.4.44	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:22 UTC	636	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://magnisteel.lk sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://magnisteel.lk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 22:28:22 UTC	754	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 2545523 Cache-Control: public, max-age=31536000 Content-MD5: 0O2H9juGYL0zkzcYWr0NIg== Content-Type: text/css Date: Tue, 23 Apr 2024 22:28:22 GMT Etag: 0x8D982C8F03AF4D4 Last-Modified: Tue, 28 Sep 2021 21:42:58 GMT Server: ECAcc (laa/7A9E) Vary: Accept-Encoding X-Cache: HIT X-EC-BBR-Enable: 1 x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 7fe2ab04-801e-006f-2fa6-7e911b000000 x-ms-version: 2009-09-19 Content-Length: 110118 Connection: close
2024-04-23 22:28:22 UTC	16383	IN	Data Raw: 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2a 2f 2f 2a 21 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 0a 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 Data Ascii: /! Copyright (C) Microsoft Corporation. All rights reserved. //*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------This file is based on or incorporates material from the projects listed
2024-04-23 22:28:22 UTC	1	IN	Data Raw: 73 Data Ascii: s
2024-04-23 22:28:22 UTC	16383	IN	Data Raw: 2d 31 2c 2e 63 6f 6c 2d 78 73 2d 32 2c 2e 63 6f 6c 2d 78 73 2d 33 2c 2e 63 6f 6c 2d 78 73 2d 34 2c 2e 63 6f 6c 2d 78 73 2d 35 2c 2e 63 6f 6c 2d 78 73 2d 36 2c 2e 63 6f 6c 2d 78 73 2d 37 2c 2e 63 6f 6c 2d 78 73 2d 38 2c 2e 63 6f 6c 2d 78 73 2d 39 2c 2e 63 6f 6c 2d 78 73 2d 31 30 2c 2e 63 6f 6c 2d 78 73 2d 31 31 2c 2e 63 6f 6c 2d 78 73 2d 31 32 2c 2e 63 6f 6c 2d 78 73 2d 31 33 2c 2e 63 6f 6c 2d 78 73 2d 31 34 2c 2e 63 6f 6c 2d 78 73 2d 31 35 2c 2e 63 6f 6c 2d 78 73 2d 31 36 2c 2e 63 6f 6c 2d 78 73 2d 31 37 2c 2e 63 6f 6c 2d 78 73 2d 31 38 2c 2e 63 6f 6c 2d 78 73 2d 31 39 2c 2e 63 6f 6c 2d 78 73 2d 32 30 2c 2e 63 6f 6c 2d 78 73 2d 32 31 2c 2e 63 6f 6c 2d 78 73 2d 32 32 2c 2e 63 6f 6c 2d 78 73 2d 32 33 2c 2e 63 6f 6c 2d 78 73 2d 32 34 7b 66 6c 6f 61 74 3a 6c Data Ascii: -1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-13,.col-xs-14,.col-xs-15,.col-xs-16,.col-xs-17,.col-xs-18,.col-xs-19,.col-xs-20,.col-xs-21,.col-xs-22,.col-xs-23,.col-xs-24{float:l
2024-04-23 22:28:22 UTC	1	IN	Data Raw: 67 Data Ascii: g
2024-04-23 22:28:22 UTC	16383	IN	Data Raw: 69 6e 2d 6c 65 66 74 3a 39 35 2e 38 33 33 33 33 25 7d 2e 63 6f 6c 2d 78 6c 2d 6f 66 66 73 65 74 2d 32 34 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 30 25 7d 7d 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 69 6e 2d 77 69 64 74 68 3a 30 7d 6c 65 67 65 6e 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 7d 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 Data Ascii: in-left:95.83333%}.col-xl-offset-24{margin-left:100%}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;border:0}label{display:inline-block;max-width:100%}input[type="search"]{-webkit-box-sizing:border-box;-moz-box
2024-04-23 22:28:22 UTC	1	IN	Data Raw: 6f Data Ascii: o
2024-04-23 22:28:22 UTC	16383	IN	Data Raw: 77 2d 78 3a 61 75 74 6f 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2e 30 31 25 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 35 33 39 70 78 29 7b 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 7b 77 69 64 74 68 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 35 70 78 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 2d 6d 73 2d 6f 76 65 72 66 6c 6f 77 2d 73 74 79 6c 65 3a 2d 6d 73 2d 61 75 74 6f 68 69 64 69 6e 67 2d 73 63 72 6f 6c 6c 62 61 72 7d 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 3e 2e 74 61 62 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 3e 2e 74 61 62 6c 65 3e 74 68 65 61 64 3e 74 72 3e 74 68 2c 2e 74 61 62 6c 65 Data Ascii: w-x:auto;min-height:.01%}@media screen and (max-width:539px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table
2024-04-23 22:28:22 UTC	1	IN	Data Raw: 2c Data Ascii: ,
2024-04-23 22:28:22 UTC	16383	IN	Data Raw: 22 54 75 6e 67 61 22 2c 22 4c 61 6f 20 55 49 22 2c 22 52 61 61 76 69 22 2c 22 49 73 6b 6f 6f 6c 61 20 50 6f 74 61 22 2c 22 4c 61 74 68 61 22 2c 22 4c 65 65 6c 61 77 61 64 65 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 20 55 49 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 4a 68 65 6e 67 48 65 69 20 55 49 22 2c 22 4d 61 6c 67 75 6e 20 47 6f 74 68 69 63 22 2c 22 45 73 74 72 61 6e 67 65 6c 6f 20 45 64 65 73 73 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 48 69 6d 61 6c 61 79 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 4e 65 77 20 54 61 69 20 4c 75 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 50 68 61 67 73 50 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 54 61 69 20 4c 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 59 69 20 42 61 69 74 69 22 2c 22 4d 6f 6e 67 6f 6c 69 Data Ascii: "Tunga","Lao UI","Raavi","Iskoola Pota","Latha","Leelawadee","Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti","Mongoli
2024-04-23 22:28:22 UTC	1	IN	Data Raw: 2d Data Ascii: -

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49716	152.199.4.44	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:22 UTC	597	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_6f5648a25cfbe86f348c.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://magnisteel.lk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 22:28:22 UTC	747	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 52684 Cache-Control: public, max-age=31536000 Content-MD5: JELxaubb1KDAtUnzSblILg== Content-Type: application/x-javascript Date: Tue, 23 Apr 2024 22:28:22 GMT Etag: 0x8D997E5DD3425FC Last-Modified: Mon, 25 Oct 2021 18:32:56 GMT Server: ECAcc (laa/7BDD) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: feb53713-701e-0044-1052-95253f000000 x-ms-version: 2009-09-19 Content-Length: 20076 Connection: close
2024-04-23 22:28:22 UTC	16383	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2024-04-23 22:28:22 UTC	3693	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3a 20 61 63 63 65 73 73 52 65 63 6f 76 65 72 79 4c 69 6e 6b 20 7c 7c 20 73 76 72 2e 75 72 6c 52 65 73 65 74 50 61 73 73 77 6f 72 64 2c 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 74 74 72 3a 20 7b 20 74 61 72 67 65 74 3a 20 61 63 63 65 73 73 52 65 63 6f 76 65 72 79 4c 69 6e 6b 20 26 26 20 5c 27 5f 62 6c 61 6e 6b 5c 27 20 7d 2c 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 69 63 6b 3a 20 61 63 63 65 73 73 52 65 63 6f 76 65 72 79 4c 69 6e 6b 20 3f 20 6e 75 6c 6c 20 3a 20 72 65 73 65 74 50 61 73 73 77 6f 72 64 5f 6f 6e 43 6c 69 63 6b 22 3e 3c 2f 61 3e 5c 6e 20 20 20 Data Ascii: href: accessRecoveryLink \|\| svr.urlResetPassword,\n attr: { target: accessRecoveryLink && \'_blank\' },\n click: accessRecoveryLink ? null : resetPassword_onClick"></a>\n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49710	107.155.77.34	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:23 UTC	659	OUT	GET /); HTTP/1.1 Host: magnisteel.lk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7og30ojr8a6kkj49ad66drp7q1
2024-04-23 22:28:23 UTC	185	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 22:28:23 GMT Server: Apache X-Powered-By: PHP/5.6.40 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-23 22:28:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49718	13.225.142.14	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:23 UTC	574	OUT	GET / HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://magnisteel.lk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 22:28:23 UTC	493	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Content-Length: 23 Connection: close Date: Tue, 23 Apr 2024 22:28:23 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Error from cloudfront Via: 1.1 5d364edd2927236ece76b1ef58ec87da.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LAX3-C4 X-Amz-Cf-Id: uNetuKHSaPPItDO5DcV3xJg_cXj5kzp9kwL5NhSDi6dQ4f62C_g94Q==
2024-04-23 22:28:23 UTC	23	IN	Data Raw: 22 2f 22 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 64 6f 6d 61 69 6e 0a Data Ascii: "/" not a valid domain

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49719	152.199.4.44	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:23 UTC	757	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://magnisteel.lk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 22:28:23 UTC	749	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 2545524 Cache-Control: public, max-age=31536000 Content-MD5: GYbSFdLE8Xb9pCzSg7cJ6A== Content-Type: application/x-javascript Date: Tue, 23 Apr 2024 22:28:23 GMT Etag: 0x8D992B5E417004E Last-Modified: Tue, 19 Oct 2021 04:06:56 GMT Server: ECAcc (laa/7BB6) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 57f0c7b1-601e-0025-78a6-7e4c1f000000 x-ms-version: 2009-09-19 Content-Length: 43235 Connection: close
2024-04-23 22:28:23 UTC	16383	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 69 29 7b 69 66 28 6e 5b 69 5d 29 72 65 74 75 72 6e 20 6e 5b 69 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 74 3d 6e 5b 69 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 2c 69 64 3a 69 2c 6c 6f 61 64 65 64 3a 21 31 7d 3b 72 65 74 75 72 6e 20 65 5b 69 5d 2e 63 61 6c 6c 28 74 2e 65 78 70 6f 72 74 73 2c 74 2c 74 2e 65 78 70 6f 72 74 73 2c 6f 29 2c 74 2e 6c 6f 61 64 65 64 3d 21 30 2c 74 2e 65 78 70 6f 72 74 73 7d 76 61 72 20 6e 3d 7b 7d 3b 72 65 74 75 72 6e 20 6f 2e 6d 3d 65 2c 6f 2e 63 3d 6e 2c 6f 2e 70 3d 22 22 2c 6f 28 30 29 7d 28 5b 66 75 6e 63 74 69 6f 6e 28 65 2c 6f 2c 6e 29 7b 6e 28 32 29 3b 76 61 72 20 69 3d 6e 28 31 29 2c 74 3d 6e 28 34 29 2c 72 3d 6e 28 35 29 2c 61 3d 72 2e 53 74 72 69 6e Data Ascii: !function(e){function o(i){if(n[i])return n[i].exports;var t=n[i]={exports:{},id:i,loaded:!1};return e[i].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var n={};return o.m=e,o.c=n,o.p="",o(0)}([function(e,o,n){n(2);var i=n(1),t=n(4),r=n(5),a=r.Strin
2024-04-23 22:28:23 UTC	16383	IN	Data Raw: 63 61 74 65 22 2c 65 2e 43 54 5f 53 54 52 5f 43 72 65 64 65 6e 74 69 61 6c 50 69 63 6b 65 72 5f 4f 70 74 69 6f 6e 5f 45 78 69 64 3d 22 53 69 67 6e 20 69 6e 20 74 6f 20 61 6e 20 6f 72 67 61 6e 69 73 61 74 69 6f 6e 22 2c 65 2e 43 54 5f 53 54 52 5f 43 72 65 64 65 6e 74 69 61 6c 50 69 63 6b 65 72 5f 48 65 6c 70 5f 44 65 73 63 5f 45 78 69 64 3d 22 53 65 61 72 63 68 20 66 6f 72 20 61 20 63 6f 6d 70 61 6e 79 20 6f 72 20 61 6e 20 6f 72 67 61 6e 69 73 61 74 69 6f 6e 20 74 68 61 74 20 79 6f 75 e2 80 99 72 65 20 77 6f 72 6b 69 6e 67 20 77 69 74 68 2e 22 2c 65 2e 43 54 5f 53 54 52 5f 46 69 64 6f 44 69 61 6c 6f 67 5f 44 65 73 63 3d 22 53 69 67 6e 20 69 6e 20 77 69 74 68 6f 75 74 20 61 20 75 73 65 72 6e 61 6d 65 20 6f 72 20 70 61 73 73 77 6f 72 64 20 62 79 20 75 73 69 Data Ascii: cate",e.CT_STR_CredentialPicker_Option_Exid="Sign in to an organisation",e.CT_STR_CredentialPicker_Help_Desc_Exid="Search for a company or an organisation that youre working with.",e.CT_STR_FidoDialog_Desc="Sign in without a username or password by usi
2024-04-23 22:28:24 UTC	10469	IN	Data Raw: 2c 4b 6d 73 69 3a 32 38 7d 2c 6f 2e 55 73 65 72 50 72 6f 70 65 72 74 79 3d 7b 55 53 45 52 4e 41 4d 45 3a 22 6c 6f 67 69 6e 22 2c 45 52 52 4f 52 5f 43 4f 44 45 3a 22 48 52 22 2c 45 52 52 5f 4d 53 47 3a 22 45 72 72 6f 72 4d 65 73 73 61 67 65 22 2c 45 58 54 5f 45 52 52 4f 52 3a 22 45 78 74 45 72 72 22 2c 45 52 52 5f 55 52 4c 3a 22 45 72 72 55 72 6c 22 2c 44 41 54 4f 4b 45 4e 3a 22 44 41 54 6f 6b 65 6e 22 2c 44 41 5f 53 45 53 4b 45 59 3a 22 44 41 53 65 73 73 69 6f 6e 4b 65 79 22 2c 44 41 5f 53 54 41 52 54 3a 22 44 41 53 74 61 72 74 54 69 6d 65 22 2c 44 41 5f 45 58 50 49 52 45 3a 22 44 41 45 78 70 69 72 65 73 22 2c 53 54 53 5f 49 4c 46 54 3a 22 53 54 53 49 6e 6c 69 6e 65 46 6c 6f 77 54 6f 6b 65 6e 22 2c 53 49 47 4e 49 4e 4e 41 4d 45 3a 22 53 69 67 6e 69 6e 4e Data Ascii: ,Kmsi:28},o.UserProperty={USERNAME:"login",ERROR_CODE:"HR",ERR_MSG:"ErrorMessage",EXT_ERROR:"ExtErr",ERR_URL:"ErrUrl",DATOKEN:"DAToken",DA_SESKEY:"DASessionKey",DA_START:"DAStartTime",DA_EXPIRE:"DAExpires",STS_ILFT:"STSInlineFlowToken",SIGNINNAME:"SigninN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49722	107.155.77.34	443	6184	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:23 UTC	385	OUT	GET /); HTTP/1.1 Host: magnisteel.lk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=7og30ojr8a6kkj49ad66drp7q1
2024-04-23 22:28:24 UTC	185	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 22:28:24 GMT Server: Apache X-Powered-By: PHP/5.6.40 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-23 22:28:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49723	23.61.214.98	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:24 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-23 22:28:24 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=30977 Date: Tue, 23 Apr 2024 22:28:24 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49724	23.61.214.98	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:24 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-23 22:28:25 UTC	455	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2578) X-CID: 11 Cache-Control: public, max-age=30912 Date: Tue, 23 Apr 2024 22:28:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-23 22:28:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49725	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:28:34 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5cXCgE7oZSKZd6C&MD=Uy42rKWm HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-23 22:28:35 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0598588a-581a-4b7e-9a9d-666ca3ab2786 MS-RequestId: 68d217f3-c358-40d0-a549-1aa74b4831b6 MS-CV: Kpcfey951UKpeU+O.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 23 Apr 2024 22:28:34 GMT Connection: close Content-Length: 24490
2024-04-23 22:28:35 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-23 22:28:35 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49733	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 22:29:13 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5cXCgE7oZSKZd6C&MD=Uy42rKWm HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-23 22:29:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 9d201f29-60c5-4ff5-90da-605bc2d58537 MS-RequestId: b74c5896-8e0f-4793-93aa-a356026dbf74 MS-CV: T7gmOE28rkWyzGpp.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 23 Apr 2024 22:29:12 GMT Connection: close Content-Length: 25457
2024-04-23 22:29:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-23 22:29:13 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5880, Parent PID: 5752

General

Target ID:	0
Start time:	00:28:12
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6184, Parent PID: 5880

General

Target ID:	2
Start time:	00:28:16
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2388,i,5551892867405834826,3016472368965618072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3220, Parent PID: 5752

General

Target ID:	3
Start time:	00:28:18
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly