Edit tour

Windows Analysis Report
http://79.141.36.131

Overview

General Information

Sample URL:	http://79.141.36.131
Analysis ID:	1467817
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1920,i,17782492426435082122,11014265628937219128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://79.141.36.131" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: http://79.141.36.131

LLM: Score: 8 brands: SonicWall Reasons: The URL 'http://79.141.36.131' is an IP address rather than a domain name, which is often used in phishing attacks to obscure the true destination of the link. The page displays a SonicWall logo, indicating it is attempting to impersonate the SonicWall brand. The message on the page suggests that the user is being redirected to a secure login page, which is a common social engineering technique used in phishing attacks. There is a suspicious link labeled 'secure login page' which could potentially lead to a phishing site. The legitimate domain for SonicWall is 'sonicwall.com', and the use of an IP address instead of the legitimate domain is highly suspicious. Therefore, this site is likely a phishing site. DOM: 0.0.pages.csv

Source: http://79.141.36.131/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.4:61600 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:61603 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131
Source: unknown	TCP traffic detected without corresponding DNS query: 79.141.36.131

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 79.141.36.131Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /swl_styles-6.2.5-4184726327.css HTTP/1.1Host: 79.141.36.131Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://79.141.36.131/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /swl_login-6.2.5-2193764341.css HTTP/1.1Host: 79.141.36.131Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://79.141.36.131/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo_sw.png HTTP/1.1Host: 79.141.36.131Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://79.141.36.131/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 79.141.36.131Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://79.141.36.131/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo_sw.png HTTP/1.1Host: 79.141.36.131Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 79.141.36.131Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: chromecache_106.2.dr

String found in binary or memory: https://79.141.36.131/auth.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 61605 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61605
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@24/12@2/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1920,i,17782492426435082122,11014265628937219128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://79.141.36.131"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1920,i,17782492426435082122,11014265628937219128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://79.141.36.131	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://79.141.36.131/swl_login-6.2.5-2193764341.css	0%	Avira URL Cloud	safe
http://79.141.36.131/favicon.ico	0%	Avira URL Cloud	safe
https://79.141.36.131/auth.html	0%	Avira URL Cloud	safe
http://79.141.36.131/logo_sw.png	0%	Avira URL Cloud	safe
http://79.141.36.131/swl_styles-6.2.5-4184726327.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://79.141.36.131/favicon.ico	true	Avira URL Cloud: safe	unknown
http://79.141.36.131/swl_login-6.2.5-2193764341.css	true	Avira URL Cloud: safe	unknown
http://79.141.36.131/swl_styles-6.2.5-4184726327.css	true	Avira URL Cloud: safe	unknown
http://79.141.36.131/logo_sw.png	true	Avira URL Cloud: safe	unknown
http://79.141.36.131/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://79.141.36.131/auth.html	chromecache_106.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
79.141.36.131	unknown	United Kingdom	6461	ZAYO-6461US	true

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467817
Start date and time:	2024-07-04 20:19:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://79.141.36.131
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@24/12@2/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://79.141.36.131/auth.html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.185.174, 74.125.71.84, 34.104.35.123, 172.217.18.3, 52.165.165.26, 199.232.214.172, 192.229.221.95, 20.3.187.198, 13.85.23.206, 20.242.39.171, 20.166.126.56, 131.107.255.255, 40.68.123.157, 142.250.185.131, 40.127.169.103
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://79.141.36.131

Input	Output
URL: http://79.141.36.131/ Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,"captcha": false,"reasons": ["The text 'please be patient as you are being re-directed to a secure login page' suggests that the webpage contains a login form.","No elements of urgency were found in the text.","No CAPTCHA or anti-robot detection mechanism was mentioned or observed in the provided information."]}
Title: Document Moved OCR: SONICWALL" Network Security Appliance Please be patient as you are being re- directed to a secure login page
URL: http://79.141.36.131 Model: gpt-4o	```json{ "phishing_score": 8, "brands": "SonicWall", "phishing": true, "suspicious_domain": true, "has_prominent_loginform": false, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "sonicwall.com", "reasons": "The URL 'http://79.141.36.131' is an IP address rather than a domain name, which is often used in phishing attacks to obscure the true destination of the link. The page displays a SonicWall logo, indicating it is attempting to impersonate the SonicWall brand. The message on the page suggests that the user is being redirected to a secure login page, which is a common social engineering technique used in phishing attacks. There is a suspicious link labeled 'secure login page' which could potentially lead to a phishing site. The legitimate domain for SonicWall is 'sonicwall.com', and the use of an IP address instead of the legitimate domain is highly suspicious. Therefore, this site is likely a phishing site."}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1507
Entropy (8bit):	6.634887007944679
Encrypted:	false
SSDEEP:	24:o1hJIwWwh82lYSZknisB3yVCNxZyJ3VEvYy3OGNwAGtM5Vx1aYOHB0jSQCs47OF:mkNvn6knislyENuJ3URKAxVxChBTs0A
MD5:	60FA7ED2309D77DE1F9DC5E7C741AC48
SHA1:	0AA56A01CCCCC051F615737EAD979EA4ADFB4EA9
SHA-256:	6BB6F64ADAA6A7ED4DA10A2FE4EDF4CB4D9914AA742C7AD607CA4CA678DCD3F1
SHA-512:	FEA52FAAF5E0C12606931BA4A203B7D3AF6E590A987385FD1CAC0084E81F72891F5C03D457548F2CE95438781FFC90AA495EA898051DB8AFFC50A6BE7F559CE4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="uuid:5D20892493BFDB11914A8590D31508C8" xmpMM:DocumentID="xmp.did:AE63E57A843E11E69E66BB3D1BBB34E1" xmpMM:InstanceID="xmp.iid:AE63E579843E11E69E66BB3D1BBB34E1" xmp:CreatorTool="Adobe Illustrator CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3d16989d-1431-469e-8776-63214b678e7e" stRef:documentID="xmp.did:725ddc26-be34-4392-a11c-590eab49a6bb"/> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">SonicWa

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2794
Entropy (8bit):	5.408928913757861
Encrypted:	false
SSDEEP:	48:IopdVARMfNUyrk+xQIzlb2IWBdKay1KJT+SSmrbZ8a/joJyB1vLPFX6J/cbHkb0A:/ARsUyrki+cKJT+SJ+a/U8BT6JmkbR
MD5:	31A14B8AF8467C9872FF10FCCA600783
SHA1:	0C056C37FB7B5A8A25EB49B8CFD9B6427DDD31E4
SHA-256:	C6E0F494A52B89B867EC62070DE6A00BC8A2724802CF83A00EC0D5A10D6C4085
SHA-512:	2C7C57A450FF9DD120BEB1590561A116D9D7AFD71E7ECD677872D9232CC39195643170A439BB869E1732A8C95C677A547DDEADE105963FC97B2829B86AC8BD5C
Malicious:	false
Reputation:	low
URL:	http://79.141.36.131/
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..<html>..<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">....<meta http-equiv="Content-Type" content="text/html">..<title>Document Moved</title>..<meta name="id" content="docJump" >..<link rel=stylesheet href="swl_styles-6.2.5-4184726327.css" TYPE="text/css">..<link rel=stylesheet href="swl_login-6.2.5-2193764341.css" TYPE="text/css">..<script type="text/JavaScript">..var resetSecureFlag = false;..setTimeout("goJump();", 1000);..function goJump() {...var jumpURL = "https://79.141.36.131/auth.html";...var jumpProt = jumpURL.substr(0,6).toLowerCase();...var ix;...if (jumpProt.substr(0,4) == "http" && (ix = jumpProt.indexOf(":")) != -1) {....jumpProt = jumpProt.substr(0,ix+1);....if (location.protocol.toLowerCase() != jumpProt) {.....window.opener = null;.....top.opener = null;....}...}...if (resetSecureFlag) {....var sessId = getCookie("SessId");....var pageSeed = swlStore.get("PageSeed", {isGlobal: t

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 152 x 26, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3240
Entropy (8bit):	7.731041847221727
Encrypted:	false
SSDEEP:	48:aANn2eqykxJ3qk3P30GzJbf9D0AgKZ8t7m3VpUmXV+D15uL0dfwTU2IFuGB4Jx9T:r25Iw300D0Fmg7UDL8x5uwQmFs9mk
MD5:	4860590C734F8DC5EE585DE2BD00B0FE
SHA1:	159EBC3218C1094B37384266D13319F25E133B2F
SHA-256:	7DD2BF5891D67347182CAC9DD160071FDA93F65D6F11B9BAC5EBF138D8899424
SHA-512:	2E8B4666022D08E2E303ECD2E1CBAC707319A1ABA9CC075B53123A4632238948E7A909587D8A0D00FD554656186F401002DA05A82DEB775645306FCB681921A4
Malicious:	false
Reputation:	low
URL:	http://79.141.36.131/logo_sw.png
Preview:	.PNG........IHDR.............K.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmpMM:InstanceID="xmp.iid:17102346065411E7AF85C2DCE990C214" xmpMM:DocumentID="xmp.did:17102347065411E7AF85C2DCE990C214"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:17102344065411E7AF85C2DCE990C214" stRef:documentID="xmp.did:17102345065411E7AF85C2DCE990C214"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>'Od.....IDATx..[..US.>..P..)..L..)...)Y..!/C"..D2..E......$....)C)C..2{.4yu}.....}.=..V..u.Z..............%.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	9105
Entropy (8bit):	5.1528882014230755
Encrypted:	false
SSDEEP:	96:eJIToLvd2JG7JhJaIIwe6gcFUPuQJ0JawPeiF9xBTpahrcdAwyv5gfqgOjNaKYvK:WfLIGNfA6o7dFv50q1tYv/y
MD5:	A5120F98132BBE7EE4C8DD8F68A0AA25
SHA1:	7E4997C0BE9B6ACF8BB7A17508C97525836B7357
SHA-256:	32690112F62FCA9620801914A610056C9E9273AA4A3075FA4294874451726C3E
SHA-512:	0D75C910A25F62A643470902726E77C65688DE57BBC639867DF5FC72919915FBB6374BEA6ACB9EFAFB20B107D76B9CDAB78C2038995F33A52E45C505EE37650A
Malicious:	false
Reputation:	low
URL:	http://79.141.36.131/swl_login-6.2.5-2193764341.css
Preview:	body, p, td {..font-family: Tahoma, Arial, Verdana, sans-serif;..font-size: 13px;..color: #000000;..line-height: 15px;.}.a {..color: #003399;.}.a:hover {..color: #0066CC;..text-decoration: underline;.}..input:not([type="image"]), select, button, textarea {../* use border-box to simplify the width setting for controls accross all browsers */..box-sizing: border-box !important;.}...half_line_spacing {..line-height: 6px;..font-size: 6px;.}...snwl-btn {..cursor: pointer;..height:32px;..padding:0 16px 0 16px;..border-radius:3px;..color:#555;..background-color:#eee;..border:1px solid #999;..min-width:72px;..text-transform: uppercase;.}...snwl-btn-condensed {..font-size: 11px;..min-width: initial;..padding: 6px 8px;..height: auto;.}...snwl-btn:hover,..snwl-btn:focus {..color:#555;..background-color:#ccc;..border:1px solid #2184c7;.}...snwl-btn:active {..color:#555;..background-color:#bbb;..border:1px solid #2184c7;.}...snwl-btn:disabled {..color:rgba(0, 0, 0, 0.26);..background-color:rgba(0,

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1507
Entropy (8bit):	6.634887007944679
Encrypted:	false
SSDEEP:	24:o1hJIwWwh82lYSZknisB3yVCNxZyJ3VEvYy3OGNwAGtM5Vx1aYOHB0jSQCs47OF:mkNvn6knislyENuJ3URKAxVxChBTs0A
MD5:	60FA7ED2309D77DE1F9DC5E7C741AC48
SHA1:	0AA56A01CCCCC051F615737EAD979EA4ADFB4EA9
SHA-256:	6BB6F64ADAA6A7ED4DA10A2FE4EDF4CB4D9914AA742C7AD607CA4CA678DCD3F1
SHA-512:	FEA52FAAF5E0C12606931BA4A203B7D3AF6E590A987385FD1CAC0084E81F72891F5C03D457548F2CE95438781FFC90AA495EA898051DB8AFFC50A6BE7F559CE4
Malicious:	false
Reputation:	low
URL:	http://79.141.36.131/favicon.ico
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="uuid:5D20892493BFDB11914A8590D31508C8" xmpMM:DocumentID="xmp.did:AE63E57A843E11E69E66BB3D1BBB34E1" xmpMM:InstanceID="xmp.iid:AE63E579843E11E69E66BB3D1BBB34E1" xmp:CreatorTool="Adobe Illustrator CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3d16989d-1431-469e-8776-63214b678e7e" stRef:documentID="xmp.did:725ddc26-be34-4392-a11c-590eab49a6bb"/> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">SonicWa

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 152 x 26, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3240
Entropy (8bit):	7.731041847221727
Encrypted:	false
SSDEEP:	48:aANn2eqykxJ3qk3P30GzJbf9D0AgKZ8t7m3VpUmXV+D15uL0dfwTU2IFuGB4Jx9T:r25Iw300D0Fmg7UDL8x5uwQmFs9mk
MD5:	4860590C734F8DC5EE585DE2BD00B0FE
SHA1:	159EBC3218C1094B37384266D13319F25E133B2F
SHA-256:	7DD2BF5891D67347182CAC9DD160071FDA93F65D6F11B9BAC5EBF138D8899424
SHA-512:	2E8B4666022D08E2E303ECD2E1CBAC707319A1ABA9CC075B53123A4632238948E7A909587D8A0D00FD554656186F401002DA05A82DEB775645306FCB681921A4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............K.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmpMM:InstanceID="xmp.iid:17102346065411E7AF85C2DCE990C214" xmpMM:DocumentID="xmp.did:17102347065411E7AF85C2DCE990C214"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:17102344065411E7AF85C2DCE990C214" stRef:documentID="xmp.did:17102345065411E7AF85C2DCE990C214"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>'Od.....IDATx..[..US.>..P..)..L..)...)Y..!/C"..D2..E......$....)C)C..2{.4yu}.....}.=..V..u.Z..............%.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	58596
Entropy (8bit):	5.277892516538721
Encrypted:	false
SSDEEP:	768:RS6Ah/jl6A3cYqgZt80YUwNIl6Eur2+GIaZO4Qgfe1j3PMsNL/Oz:RS6Ah/jlF3twmIaZOVbNa
MD5:	452609EC8A98B6BE298516E61160A52D
SHA1:	BD664B235846769CCA5A3A9253A4D002994699F3
SHA-256:	D2A1ECC6529E220532403FEA863A0C201D9F52904D3935E9C0CB10D6EEA70532
SHA-512:	8058EF9E3F11030DF15A59D8AD6B35AB0C4CEA7BD3FC339A111E3567CCC6095260DE4CE140451AA536D8A595FE8D541D32217E4DF58737AEA00FE19BDE6D82B6
Malicious:	false
Reputation:	low
URL:	http://79.141.36.131/swl_styles-6.2.5-4184726327.css
Preview:	/**************************. *************************. normalized typography. ***************************/..typo-headline {font-size: 18px; font-weight: normal; line-height: 1.5; color: #005d84;}..typo-title {font-size: 15px; font-weight: normal; line-height: 1.2; color: #555;}..typo-body-heading {font-size: 15px; font-weight: bold; line-height: 1.2; color: #000;}..typo-body-subheading {font-size: 15px; font-weight: normal; line-height: 1.2; color: #000;}..typo-body-2 {font-size: 13px; font-weight: bold; line-height: 1.2; color: #000;}..typo-body-1 {font-size: 13px; font-weight: normal; line-height: 1.2; color: #000;}..typo-body-subtext {font-size: 13px; font-weight: normal; line-height: 1.2; color: #777;}..typo-caption {font-size: 11px; font-weight: normal; line-height: 1.3; color: #666;}..typo-button {font-size: 13px; font-weight: normal; line-height: 1.2; color: #555; text-transform: uppercase;}..typo-menu-1 {font-size: 15px; font-weight: normal; line-height: 1.2; color: #77

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 4, 2024 20:19:57.875118971 CEST	49678	443	192.168.2.4	104.46.162.224
Jul 4, 2024 20:19:59.812727928 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 4, 2024 20:20:07.100270033 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:07.100429058 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:07.105063915 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:07.105138063 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:07.105185032 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:07.105597973 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:07.111138105 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:07.115880966 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.567265034 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.567291975 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.567303896 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.567414045 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.567419052 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.567476988 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.567491055 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.567519903 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.567533016 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.567614079 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.567657948 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.568341017 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.568397999 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.571259975 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.574165106 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.574177980 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.574189901 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.574222088 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.574245930 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.574245930 CEST	49737	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.576034069 CEST	80	49737	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.588238001 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.588641882 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.588725090 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.593502045 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.593622923 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.593688011 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.593765020 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.593765020 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.593822956 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.593966007 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.598536968 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.598645926 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.779198885 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.779213905 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.779227018 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.779272079 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.864660025 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.864697933 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.864710093 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.864722013 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.864763975 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.864798069 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.950733900 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.950766087 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.950778961 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.950825930 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.950839043 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:08.950843096 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:08.950881958 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.037365913 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.037395954 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.037425995 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.037441969 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.037457943 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.037486076 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.037580013 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.037620068 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.037631035 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.037661076 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.083770990 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.124413013 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.124473095 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.124497890 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.124517918 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.124526978 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.124531031 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.124713898 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.124845028 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.124906063 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.124942064 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.131058931 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:09.131129026 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:09.420424938 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 4, 2024 20:20:10.192678928 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192692995 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192707062 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192738056 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.192816973 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192826986 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192835093 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192845106 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192852974 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.192856073 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192883015 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.192897081 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192907095 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192912102 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.192915916 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192925930 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.192934990 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193012953 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193031073 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193041086 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193049908 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193094969 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193099976 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193136930 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193149090 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193156958 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193175077 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193186998 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193205118 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193217993 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193224907 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193243980 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193265915 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193341970 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193366051 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193389893 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193401098 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193428040 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193506956 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193516016 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193526030 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193558931 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193623066 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193633080 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193643093 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193674088 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193763971 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193777084 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193785906 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193795919 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193797112 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193806887 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193821907 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193845987 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193906069 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193916082 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193924904 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193942070 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193964958 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.193973064 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.193975925 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194019079 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.194086075 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194103956 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194113970 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194147110 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.194170952 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194180012 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194189072 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194209099 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.194221020 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.194235086 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194243908 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194252968 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194281101 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.194302082 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.194318056 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194361925 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.194384098 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194418907 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.194422007 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.194461107 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.195574999 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.195996046 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.196006060 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.196016073 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.196033955 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.196050882 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.196113110 CEST	49738	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.204741001 CEST	80	49738	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.207142115 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:10.207175970 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:10.207222939 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:10.207678080 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:10.207695007 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:10.212852955 CEST	49741	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.215574026 CEST	49742	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.217662096 CEST	80	49741	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.220339060 CEST	80	49742	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.520656109 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:10.520689964 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:10.520759106 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:10.522497892 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:10.522509098 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:10.774306059 CEST	49745	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.779314995 CEST	80	49745	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.779382944 CEST	49745	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.780008078 CEST	49745	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.785284996 CEST	80	49745	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.872097015 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:10.888324976 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:10.888361931 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:10.889492035 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:10.889545918 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:10.891535997 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:10.891603947 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:10.928977966 CEST	49746	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.932734013 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:10.932804108 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:10.934863091 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.934986115 CEST	49746	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.937582970 CEST	49746	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:10.943454981 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:10.987071991 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:11.171926975 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:11.172102928 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.356518984 CEST	49747	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.356520891 CEST	49748	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.356564045 CEST	443	49747	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.356571913 CEST	443	49748	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.356642008 CEST	49748	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.356647968 CEST	49747	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.356880903 CEST	49748	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.356894970 CEST	443	49748	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.357580900 CEST	49747	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.357598066 CEST	443	49747	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.402169943 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.402198076 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:11.402558088 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:11.421245098 CEST	80	49745	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.421998024 CEST	80	49745	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.422030926 CEST	80	49745	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.422070026 CEST	49745	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.425014973 CEST	49745	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.452275038 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.502310991 CEST	49745	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.507287025 CEST	80	49745	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.553359985 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.596529007 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.596560955 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.596596956 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.596643925 CEST	49746	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.596647024 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.596993923 CEST	49746	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.600497961 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:11.683073997 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.683542967 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.684025049 CEST	49746	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.699043036 CEST	49746	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:11.703963995 CEST	80	49746	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:11.730607033 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:11.730683088 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:11.730781078 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.731775045 CEST	49744	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.731796026 CEST	443	49744	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:11.822232962 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.822261095 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:11.822431087 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.823771954 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:11.823784113 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.267426014 CEST	49750	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.331933975 CEST	80	49750	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.332005978 CEST	49750	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.332350969 CEST	49750	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.335685015 CEST	443	49748	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.335997105 CEST	443	49747	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.336047888 CEST	49748	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.336074114 CEST	443	49748	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.336432934 CEST	49747	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.336447001 CEST	443	49747	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.337060928 CEST	443	49748	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.337120056 CEST	49748	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.337213039 CEST	80	49750	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.337521076 CEST	443	49747	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.337651014 CEST	49747	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.343344927 CEST	49747	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.343517065 CEST	443	49747	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.343533039 CEST	49747	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.343539953 CEST	443	49747	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.343573093 CEST	49747	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.343983889 CEST	49748	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.344022989 CEST	49748	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.344106913 CEST	443	49748	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.344144106 CEST	49748	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.468764067 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.468832016 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:12.490844011 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:12.490863085 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.491075993 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.492783070 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:12.540499926 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.727083921 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.727157116 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.727210999 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:12.742032051 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:12.742065907 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.742078066 CEST	49749	443	192.168.2.4	23.211.8.90
Jul 4, 2024 20:20:12.742084980 CEST	443	49749	23.211.8.90	192.168.2.4
Jul 4, 2024 20:20:12.962723017 CEST	80	49750	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.962788105 CEST	80	49750	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.962822914 CEST	80	49750	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:12.962909937 CEST	49750	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.962910891 CEST	49750	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.967401028 CEST	49750	80	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:12.972368956 CEST	80	49750	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:20.345829964 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:20.345860004 CEST	443	49752	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:20.345923901 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:20.346435070 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:20.346476078 CEST	443	49753	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:20.346704006 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:20.347526073 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:20.347541094 CEST	443	49752	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:20.347740889 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:20.347754002 CEST	443	49753	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:20.773914099 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:20.773972034 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:20.774051905 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:21.001585960 CEST	443	49753	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.002521038 CEST	443	49752	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.045552015 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.046289921 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.055562973 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.055574894 CEST	443	49752	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.055742025 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.055752993 CEST	443	49753	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.056727886 CEST	443	49752	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.056792974 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.056822062 CEST	443	49753	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.056869030 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.057468891 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.057622910 CEST	443	49752	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.058149099 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.058173895 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.058195114 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.058295012 CEST	443	49753	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.058335066 CEST	49753	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.058418036 CEST	49752	443	192.168.2.4	79.141.36.131
Jul 4, 2024 20:20:21.058429003 CEST	443	49752	79.141.36.131	192.168.2.4
Jul 4, 2024 20:20:21.082307100 CEST	49743	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:20:21.082334995 CEST	443	49743	142.250.186.100	192.168.2.4
Jul 4, 2024 20:20:26.211406946 CEST	61600	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:20:26.216238022 CEST	53	61600	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:26.216339111 CEST	61600	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:20:26.216375113 CEST	61600	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:20:26.221244097 CEST	53	61600	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:26.680773973 CEST	53	61600	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:26.681269884 CEST	61600	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:20:26.686501026 CEST	53	61600	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:26.686582088 CEST	61600	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:21:06.928538084 CEST	61603	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:21:06.933399916 CEST	53	61603	1.1.1.1	192.168.2.4
Jul 4, 2024 20:21:06.933516979 CEST	61603	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:21:06.933516979 CEST	61603	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:21:06.933552980 CEST	61603	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:21:06.938606977 CEST	53	61603	1.1.1.1	192.168.2.4
Jul 4, 2024 20:21:06.938627005 CEST	53	61603	1.1.1.1	192.168.2.4
Jul 4, 2024 20:21:07.412554026 CEST	53	61603	1.1.1.1	192.168.2.4
Jul 4, 2024 20:21:07.413085938 CEST	61603	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:21:07.418086052 CEST	53	61603	1.1.1.1	192.168.2.4
Jul 4, 2024 20:21:07.418193102 CEST	61603	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:21:09.857453108 CEST	61605	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:21:09.857500076 CEST	443	61605	142.250.186.100	192.168.2.4
Jul 4, 2024 20:21:09.857568026 CEST	61605	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:21:09.858437061 CEST	61605	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:21:09.858453035 CEST	443	61605	142.250.186.100	192.168.2.4
Jul 4, 2024 20:21:10.691358089 CEST	443	61605	142.250.186.100	192.168.2.4
Jul 4, 2024 20:21:10.691657066 CEST	61605	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:21:10.691685915 CEST	443	61605	142.250.186.100	192.168.2.4
Jul 4, 2024 20:21:10.692014933 CEST	443	61605	142.250.186.100	192.168.2.4
Jul 4, 2024 20:21:10.692440033 CEST	61605	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:21:10.692544937 CEST	443	61605	142.250.186.100	192.168.2.4
Jul 4, 2024 20:21:10.738053083 CEST	61605	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:21:16.816235065 CEST	49723	80	192.168.2.4	93.184.221.240
Jul 4, 2024 20:21:16.816333055 CEST	49724	80	192.168.2.4	93.184.221.240
Jul 4, 2024 20:21:16.821351051 CEST	80	49723	93.184.221.240	192.168.2.4
Jul 4, 2024 20:21:16.821492910 CEST	49723	80	192.168.2.4	93.184.221.240
Jul 4, 2024 20:21:16.821932077 CEST	80	49724	93.184.221.240	192.168.2.4
Jul 4, 2024 20:21:16.822407007 CEST	49724	80	192.168.2.4	93.184.221.240
Jul 4, 2024 20:21:20.624272108 CEST	443	61605	142.250.186.100	192.168.2.4
Jul 4, 2024 20:21:20.624334097 CEST	443	61605	142.250.186.100	192.168.2.4
Jul 4, 2024 20:21:20.624476910 CEST	61605	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:21:22.302264929 CEST	61605	443	192.168.2.4	142.250.186.100
Jul 4, 2024 20:21:22.302294016 CEST	443	61605	142.250.186.100	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 4, 2024 20:20:05.707003117 CEST	53	53474	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:05.782115936 CEST	53	65406	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:07.067441940 CEST	53	62915	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:09.809380054 CEST	56900	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:20:09.809931040 CEST	50114	53	192.168.2.4	1.1.1.1
Jul 4, 2024 20:20:10.201268911 CEST	53	50114	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:10.201410055 CEST	53	56900	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:12.563678980 CEST	53	61683	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:24.304713964 CEST	53	58747	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:26.210993052 CEST	53	64307	1.1.1.1	192.168.2.4
Jul 4, 2024 20:20:28.426598072 CEST	138	138	192.168.2.4	192.168.2.255
Jul 4, 2024 20:20:43.353718042 CEST	53	60579	1.1.1.1	192.168.2.4
Jul 4, 2024 20:21:05.292815924 CEST	53	63080	1.1.1.1	192.168.2.4
Jul 4, 2024 20:21:05.914664030 CEST	53	63587	1.1.1.1	192.168.2.4
Jul 4, 2024 20:21:06.928184032 CEST	53	59528	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 4, 2024 20:20:09.809380054 CEST	192.168.2.4	1.1.1.1	0x81fb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 4, 2024 20:20:09.809931040 CEST	192.168.2.4	1.1.1.1	0xb0f6	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 4, 2024 20:20:10.201268911 CEST	1.1.1.1	192.168.2.4	0xb0f6	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 4, 2024 20:20:10.201410055 CEST	1.1.1.1	192.168.2.4	0x81fb	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Jul 4, 2024 20:20:22.693980932 CEST	1.1.1.1	192.168.2.4	0x1bd5	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 4, 2024 20:20:22.693980932 CEST	1.1.1.1	192.168.2.4	0x1bd5	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jul 4, 2024 20:20:23.231895924 CEST	1.1.1.1	192.168.2.4	0x9852	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 4, 2024 20:20:23.231895924 CEST	1.1.1.1	192.168.2.4	0x9852	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

79.141.36.131

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	79.141.36.131	80	5900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 4, 2024 20:20:07.111138105 CEST	428	OUT	GET / HTTP/1.1 Host: 79.141.36.131 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 4, 2024 20:20:08.567265034 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Expires: -1 Cache-Control: no-cache Content-type: text/html; charset=UTF-8; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0d 0a 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 22 3e 0d 0a 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 64 6f 63 4a 75 6d 70 22 20 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 20 68 72 65 66 3d 22 73 77 6c 5f 73 74 79 6c 65 73 2d 36 2e 32 2e 35 2d 34 31 38 34 37 32 36 33 32 37 2e 63 73 73 22 20 54 59 50 45 3d 22 74 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="Content-Type" content="text/html"><title>Document Moved</title><meta name="id" content="docJump" ><link rel=stylesheet href="swl_styles-6.2.5-4184726327.css" TYPE="text/css"><link rel=stylesheet href="swl_login-6.2.5-2193764341.css" TYPE="text/css"><script type="text/JavaScript">var resetSecureFlag = false;setTimeout("goJump();", 1000);function goJump() {var jumpURL = "https://79.141.36.131/auth.html";var jumpProt = jumpURL.substr(0,6).toLowerCase();var ix;if (jumpProt.substr(0,4) == "http" && (ix = jumpProt.indexOf(":")) != -1) {jumpProt = jumpProt.substr(0,ix+1);if (location.protocol.toLowerCase() != jumpProt) {window.opener = null;top.opener = null;}}if (resetSec
Jul 4, 2024 20:20:08.567291975 CEST	264	IN	Data Raw: 75 72 65 46 6c 61 67 29 20 7b 0d 0a 09 09 76 61 72 20 73 65 73 73 49 64 20 3d 20 67 65 74 43 6f 6f 6b 69 65 28 22 53 65 73 73 49 64 22 29 3b 0d 0a 09 09 76 61 72 20 70 61 67 65 53 65 65 64 20 3d 20 73 77 6c 53 74 6f 72 65 2e 67 65 74 28 22 50 61 Data Ascii: ureFlag) {var sessId = getCookie("SessId");var pageSeed = swlStore.get("PageSeed", {isGlobal: true});if (sessId) { setCookieExt("SessId", sessId, { strictSameSite: true }); }if (pageSeed) { swlStore.set("PageSeed", pageSeed, {i
Jul 4, 2024 20:20:08.567303896 CEST	264	IN	Data Raw: 75 72 65 46 6c 61 67 29 20 7b 0d 0a 09 09 76 61 72 20 73 65 73 73 49 64 20 3d 20 67 65 74 43 6f 6f 6b 69 65 28 22 53 65 73 73 49 64 22 29 3b 0d 0a 09 09 76 61 72 20 70 61 67 65 53 65 65 64 20 3d 20 73 77 6c 53 74 6f 72 65 2e 67 65 74 28 22 50 61 Data Ascii: ureFlag) {var sessId = getCookie("SessId");var pageSeed = swlStore.get("PageSeed", {isGlobal: true});if (sessId) { setCookieExt("SessId", sessId, { strictSameSite: true }); }if (pageSeed) { swlStore.set("PageSeed", pageSeed, {i
Jul 4, 2024 20:20:08.567419052 CEST	1236	IN	Data Raw: 7d 0d 0a 09 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 6a 75 6d 70 55 52 4c 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 73 65 74 43 6f 6f 6b 69 65 28 6b 65 79 2c 20 76 61 6c 75 65 29 20 7b 0d 0a 20 20 76 61 72 20 61 72 67 76 20 Data Ascii: }top.location.href = jumpURL;}function setCookie(key, value) { var argv = setCookie.arguments; var argc = setCookie.arguments.length; var expires = (argc > 2) ? argv[2] : null; var path = (argc > 3) ? argv[3] : null; var
Jul 4, 2024 20:20:08.567476988 CEST	397	IN	Data Raw: 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 6c 6f 67 6f 5f 73 77 2e 70 6e 67 22 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 69 6e 5f 70 72 6f 64 6e 61 6d 65 22 3e 0d 0a 09 09 09 09 4e 65 74 77 6f 72 Data Ascii: <img src="logo_sw.png"></div><div class="login_prodname">Network Security Appliance</div><div class="vgap48"></div><div class="login_msg_header">Please be patient as you are being re-directed to <a href=
Jul 4, 2024 20:20:08.567614079 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Expires: -1 Cache-Control: no-cache Content-type: text/html; charset=UTF-8; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0d 0a 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 22 3e 0d 0a 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 64 6f 63 4a 75 6d 70 22 20 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 20 68 72 65 66 3d 22 73 77 6c 5f 73 74 79 6c 65 73 2d 36 2e 32 2e 35 2d 34 31 38 34 37 32 36 33 32 37 2e 63 73 73 22 20 54 59 50 45 3d 22 74 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="Content-Type" content="text/html"><title>Document Moved</title><meta name="id" content="docJump" ><link rel=stylesheet href="swl_styles-6.2.5-4184726327.css" TYPE="text/css"><link rel=stylesheet href="swl_login-6.2.5-2193764341.css" TYPE="text/css"><script type="text/JavaScript">var resetSecureFlag = false;setTimeout("goJump();", 1000);function goJump() {var jumpURL = "https://79.141.36.131/auth.html";var jumpProt = jumpURL.substr(0,6).toLowerCase();var ix;if (jumpProt.substr(0,4) == "http" && (ix = jumpProt.indexOf(":")) != -1) {jumpProt = jumpProt.substr(0,ix+1);if (location.protocol.toLowerCase() != jumpProt) {window.opener = null;top.opener = null;}}if (resetSec
Jul 4, 2024 20:20:08.568341017 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Expires: -1 Cache-Control: no-cache Content-type: text/html; charset=UTF-8; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0d 0a 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 22 3e 0d 0a 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 64 6f 63 4a 75 6d 70 22 20 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 20 68 72 65 66 3d 22 73 77 6c 5f 73 74 79 6c 65 73 2d 36 2e 32 2e 35 2d 34 31 38 34 37 32 36 33 32 37 2e 63 73 73 22 20 54 59 50 45 3d 22 74 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="Content-Type" content="text/html"><title>Document Moved</title><meta name="id" content="docJump" ><link rel=stylesheet href="swl_styles-6.2.5-4184726327.css" TYPE="text/css"><link rel=stylesheet href="swl_login-6.2.5-2193764341.css" TYPE="text/css"><script type="text/JavaScript">var resetSecureFlag = false;setTimeout("goJump();", 1000);function goJump() {var jumpURL = "https://79.141.36.131/auth.html";var jumpProt = jumpURL.substr(0,6).toLowerCase();var ix;if (jumpProt.substr(0,4) == "http" && (ix = jumpProt.indexOf(":")) != -1) {jumpProt = jumpProt.substr(0,ix+1);if (location.protocol.toLowerCase() != jumpProt) {window.opener = null;top.opener = null;}}if (resetSec
Jul 4, 2024 20:20:08.574165106 CEST	1236	IN	Data Raw: 7d 0d 0a 09 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 6a 75 6d 70 55 52 4c 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 73 65 74 43 6f 6f 6b 69 65 28 6b 65 79 2c 20 76 61 6c 75 65 29 20 7b 0d 0a 20 20 76 61 72 20 61 72 67 76 20 Data Ascii: }top.location.href = jumpURL;}function setCookie(key, value) { var argv = setCookie.arguments; var argc = setCookie.arguments.length; var expires = (argc > 2) ? argv[2] : null; var path = (argc > 3) ? argv[3] : null; var
Jul 4, 2024 20:20:08.574177980 CEST	397	IN	Data Raw: 09 09 09 3c 69 6d 67 20 73 72 63 3d 22 6c 6f 67 6f 5f 73 77 2e 70 6e 67 22 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 69 6e 5f 70 72 6f 64 6e 61 6d 65 22 3e 0d 0a 09 09 09 09 4e 65 74 77 6f 72 Data Ascii: <img src="logo_sw.png"></div><div class="login_prodname">Network Security Appliance</div><div class="vgap48"></div><div class="login_msg_header">Please be patient as you are being re-directed to <a href=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	79.141.36.131	80	5900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 4, 2024 20:20:08.588725090 CEST	344	OUT	GET /swl_styles-6.2.5-4184726327.css HTTP/1.1 Host: 79.141.36.131 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://79.141.36.131/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 4, 2024 20:20:08.779198885 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Cache-Control: private Expires: Thu, 04 Jul 2024 21:08:08 GMT Content-type: text/css; charset=UTF-8; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Data Raw: 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 0a 20 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 0a 20 2a 20 6e 6f 72 6d 61 6c 69 7a 65 64 20 74 79 70 6f 67 72 61 70 68 79 0a 20 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0a 2e 74 79 70 6f 2d 68 65 61 64 6c 69 6e 65 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 3b 20 63 6f 6c 6f 72 3a 20 23 30 30 35 64 38 34 3b 7d 0a 2e 74 79 70 6f 2d 74 69 74 6c 65 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 32 3b 20 63 6f 6c 6f 72 3a 20 23 35 35 35 3b 7d 0a 2e 74 79 70 6f 2d 62 6f 64 79 2d 68 65 61 64 69 6e 67 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 [TRUNCATED] Data Ascii: /************************** ************************** * normalized typography ***************************/.typo-headline {font-size: 18px; font-weight: normal; line-height: 1.5; color: #005d84;}.typo-title {font-size: 15px; font-weight: normal; line-height: 1.2; color: #555;}.typo-body-heading {font-size: 15px; font-weight: bold; line-height: 1.2; color: #000;}.typo-body-subheading {font-size: 15px; font-weight: normal; line-height: 1.2; color: #000;}.typo-body-2 {font-size: 13px; font-weight: bold; line-height: 1.2; color: #000;}.typo-body-1 {font-size: 13px; font-weight: normal; line-height: 1.2; color: #000;}.typo-body-subtext {font-size: 13px; font-weight: normal; line-height: 1.2; color: #777;}.typo-caption {font-size: 11px; font-weight: normal; line-height: 1.3; color: #666;}.typo-button {font-size: 13px; font-weight: normal; line-height: 1.2; color: #555; text-transform: uppercase;}.typo-menu-1 {font-size: 15px; font-weight: normal; line-height: 1.2; color: #7
Jul 4, 2024 20:20:08.779213905 CEST	1236	IN	Data Raw: 37 37 3b 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 7d 0a 2e 74 79 70 6f 2d 6d 65 6e 75 2d 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 Data Ascii: 77; text-transform: uppercase;}.typo-menu-2 {font-size: 11px; font-weight: bold; line-height: 1.3; color: #000;}.typo-menu-3 {font-size: 11px; font-weight: normal; line-height: 1.3; color: #000;}.typo-title-padding {padding: 20px 0px 10px
Jul 4, 2024 20:20:08.779227018 CEST	376	IN	Data Raw: 73 74 79 6c 65 73 20 2a 2f 0a 61 2c 0a 64 69 76 20 61 2e 63 6f 6e 74 65 6e 74 4c 69 6e 6b 20 7b 0a 09 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 09 63 6f 6c 6f 72 3a 20 23 32 31 38 34 43 37 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 Data Ascii: styles */a,div a.contentLink {cursor: pointer;color: #2184C7;text-decoration: none;}a:hover,div a.contentLink:hover,a:focus,div a.contentLink:focus {color: #2184C7;text-decoration: underline;}.blue_bg {font-size: 10px;
Jul 4, 2024 20:20:08.864660025 CEST	1236	IN	Data Raw: 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 73 70 61 6e 2e 74 61 62 6c 65 4c 69 6e 6b 3a 68 6f 76 65 72 20 7b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 Data Ascii: olor: #000;text-decoration: none;}span.tableLink:hover {text-decoration: underline;}a.tableLink img,span.tableLink img {vertical-align: bottom;}span.link {color: #2184C7;cursor: pointer;}span.link:hover {color: #2184C7;
Jul 4, 2024 20:20:08.864697933 CEST	1236	IN	Data Raw: 6f 6e 65 6e 74 20 73 74 79 6c 65 73 0a 20 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0a 0a 2f 2a 2a 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 0a 20 2a 20 6e 65 77 20 62 Data Ascii: onent styles *************************//++++++++++++++++++++++++++ * new button styles */.snwl-btn {box-sizing: border-box;cursor: pointer;height:32px;padding:0 16px 0 16px;border-radius:2px;color:#555;background-color:
Jul 4, 2024 20:20:08.864710093 CEST	1236	IN	Data Raw: 74 69 6c 65 73 20 2e 73 6e 77 6c 2d 62 74 6e 2d 70 72 69 6d 61 72 79 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 32 33 32 33 32 3b 0a 09 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 32 33 32 33 32 3b 0a 7d 0a Data Ascii: tiles .snwl-btn-primary {background-color:#323232;border:1px solid #323232;}.snwl-btn-primary:hover,.snwl-btn-primary:focus,.footerBtnBar .snwl-btn-primary:hover,.footerBtnBar .snwl-btn-primary:focus,.tiles .snwl-btn-primary:hover,
Jul 4, 2024 20:20:08.864722013 CEST	564	IN	Data Raw: 61 79 65 72 2c 0a 09 20 2a 20 73 6f 20 61 6c 6c 20 65 6c 65 6d 65 6e 74 73 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 6f 76 65 72 6c 61 79 69 6e 67 20 6f 6e 20 69 74 20 2a 2f 0a 09 7a 2d 69 6e 64 65 78 3a 20 37 39 39 39 3b 0a 7d 0a 0a 2e 66 6f 6f 74 Data Ascii: ayer, * so all elements will not be overlaying on it /z-index: 7999;}.footerBtnBarInner {padding: 8px 16px 8px 16px;}/++++++++++++++++++++++++++ legacy view bar */div.legacyViewBar {display: -ms-flexbox;display: flex;
Jul 4, 2024 20:20:08.950733900 CEST	1236	IN	Data Raw: 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0a 7d 0a 0a 2f 2a 2a 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 0a 20 2a 20 6e 65 77 20 74 69 6c 65 20 73 74 79 6c 65 73 0a 20 2a 2f 0a 64 69 76 2e 74 69 6c 65 73 20 7b Data Ascii: margin-top: 0;}/*++++++++++++++++++++++++++ new tile styles */div.tiles {display: -ms-flexbox;display: flex;-ms-flex-pack: start;justify-content: flex-start;-ms-flex-align: stretch;align-items: stretch;width: 100%;min-
Jul 4, 2024 20:20:08.950766087 CEST	1236	IN	Data Raw: 3b 0a 7d 0a 0a 64 69 76 2e 74 69 6c 65 2d 31 2d 31 2c 0a 64 69 76 2e 74 69 6c 65 2d 63 2d 31 0a 7b 0a 09 2d 6d 73 2d 66 6c 65 78 3a 20 31 20 31 20 61 75 74 6f 3b 0a 09 66 6c 65 78 3a 20 31 20 31 20 61 75 74 6f 3b 0a 7d 0a 0a 64 69 76 2e 74 69 6c Data Ascii: ;}div.tile-1-1,div.tile-c-1{-ms-flex: 1 1 auto;flex: 1 1 auto;}div.tile-1-3,div.tile-c-3 {-ms-flex: 0 1 33.33%;flex: 0 1 33.33%;}div.tiles .tileParagraph {margin: 0;padding: 0 0 16px;}div.tiles ol.textList,div.tiles
Jul 4, 2024 20:20:08.950778961 CEST	1236	IN	Data Raw: 69 67 68 74 3a 20 33 32 70 78 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 0a 2f 2a 2a 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 0a 20 2a 20 6f 6c 64 20 73 74 61 74 73 20 62 6f 78 0a Data Ascii: ight: 32px;font-weight: bold;}/*++++++++++++++++++++++++++ old stats box */.box_header {font-size: 11px;font-weight: bold;background-color: #ccc;}.box_header_no_bg {font-size: 11px;font-weight: bold;color: #ffffff;}
Jul 4, 2024 20:20:08.950825930 CEST	1236	IN	Data Raw: 0a 09 66 6c 65 78 3a 20 31 30 30 20 30 20 61 75 74 6f 3b 0a 7d 0a 0a 64 69 76 2e 73 65 63 74 69 6f 6e 48 65 61 64 65 72 43 6f 6e 74 61 69 6e 65 72 20 3e 20 64 69 76 2e 6d 61 72 67 69 6e 65 64 49 74 65 6d 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 Data Ascii: flex: 100 0 auto;}div.sectionHeaderContainer > div.marginedItem {margin-left: 24px;}.groupLabel {font-size: 18px;font-weight: normal;line-height: 1.5;color: #005d84;padding:32px 0 16px 0;vertical-align: bottom;}.groupL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	79.141.36.131	80	5900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 4, 2024 20:20:08.593765020 CEST	343	OUT	GET /swl_login-6.2.5-2193764341.css HTTP/1.1 Host: 79.141.36.131 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://79.141.36.131/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 4, 2024 20:20:10.193031073 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Cache-Control: private Expires: Thu, 04 Jul 2024 21:08:09 GMT Content-type: text/css; charset=UTF-8; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Data Raw: 62 6f 64 79 2c 20 70 2c 20 74 64 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 35 70 78 3b 0a 7d 0a 61 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 33 33 39 39 3b 0a 7d 0a 61 3a 68 6f 76 65 72 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 36 36 43 43 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 0a 69 6e 70 75 74 3a 6e 6f 74 28 5b 74 79 70 65 3d 22 69 6d 61 67 65 22 5d 29 2c 20 73 65 6c 65 63 74 2c 20 62 75 74 74 6f 6e 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 09 2f 2a 20 75 73 65 20 62 6f 72 64 65 72 2d 62 6f 78 20 74 6f 20 73 69 6d 70 6c 69 66 79 20 74 68 65 20 77 69 64 74 68 20 73 65 74 74 69 6e 67 20 66 6f 72 20 63 6f 6e 74 72 6f 6c 73 20 61 63 63 72 6f 73 73 20 61 6c 6c 20 62 72 6f 77 73 65 72 [TRUNCATED] Data Ascii: body, p, td {font-family: Tahoma, Arial, Verdana, sans-serif;font-size: 13px;color: #000000;line-height: 15px;}a {color: #003399;}a:hover {color: #0066CC;text-decoration: underline;}input:not([type="image"]), select, button, textarea {/* use border-box to simplify the width setting for controls accross all browsers */box-sizing: border-box !important;}.half_line_spacing {line-height: 6px;font-size: 6px;}.snwl-btn {cursor: pointer;height:32px;padding:0 16px 0 16px;border-radius:3px;color:#555;background-color:#eee;border:1px solid #999;min-width:72px;text-transform: uppercase;}.snwl-btn-condensed {font-size: 11px;min-width: initial;padding: 6px 8px;height: auto;}.snwl-btn:hover,.snwl-btn:focus {color:#555;background-color:#ccc;border:1px solid #2184c7;}.snwl-btn:active {color:#555;background-color:#bbb;border:1px solid #2184c7;}.snwl-btn:disabled {color:rgba(0, 0, 0, 0.26);background-color:rgba(0,
Jul 4, 2024 20:20:10.193041086 CEST	1236	IN	Data Raw: 20 30 2c 20 30 2c 20 30 2e 31 32 29 3b 0a 09 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 0a 7d 0a 0a 2e 73 6e 77 6c 2d 62 74 6e 2d 70 72 69 6d 61 72 79 20 7b 0a 09 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 0a 09 62 61 63 6b Data Ascii: 0, 0, 0.12);border:1px solid #ccc;}.snwl-btn-primary {color:#ffffff;background-color:#323232;border:1px solid #323232;}.snwl-btn-primary:hover,.snwl-btn-primary:focus {color:#ffffff;background-color:#2a2a2a;border:1px sol
Jul 4, 2024 20:20:10.193049908 CEST	376	IN	Data Raw: 65 3a 20 75 72 6c 28 61 6c 65 72 74 5f 62 67 2e 67 69 66 29 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 7d 0a 23 69 6e 76 61 6c 69 64 Data Ascii: e: url(alert_bg.gif);background-repeat: no-repeat;text-align: left;}#invalid_text {margin-left: 45px;padding-top: 10px;padding-right: 10px;padding-bottom: 10px;}#popup_branding_bar {background-color: #005d84;margin: -15px -
Jul 4, 2024 20:20:10.193217993 CEST	376	IN	Data Raw: 65 3a 20 75 72 6c 28 61 6c 65 72 74 5f 62 67 2e 67 69 66 29 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 7d 0a 23 69 6e 76 61 6c 69 64 Data Ascii: e: url(alert_bg.gif);background-repeat: no-repeat;text-align: left;}#invalid_text {margin-left: 45px;padding-top: 10px;padding-right: 10px;padding-bottom: 10px;}#popup_branding_bar {background-color: #005d84;margin: -15px -
Jul 4, 2024 20:20:10.193797112 CEST	1236	IN	Data Raw: 29 20 2a 2f 0a 68 74 6d 6c 3e 62 6f 64 79 20 23 70 6f 70 75 70 5f 62 72 61 6e 64 69 6e 67 5f 62 61 72 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 64 38 34 3b 0a 09 6d 61 72 67 69 6e 3a 20 2d 31 30 70 78 20 2d 31 Data Ascii: ) */html>body #popup_branding_bar {background-color: #005d84;margin: -10px -10px 0;width: 110%;height: 42px;text-align: left;text-indent: 10px;display:none;}#popup_error_box {background-color: #ffffff;margin: 0px;margin
Jul 4, 2024 20:20:10.193806887 CEST	224	IN	Data Raw: 70 5f 62 6f 78 5f 74 69 74 6c 65 20 7b 0a 09 63 6f 6c 6f 72 3a 20 42 6c 61 63 6b 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 30 70 78 3b 0a 7d 0a 23 70 6f 70 75 70 5f 62 6f 78 Data Ascii: p_box_title {color: Black;text-align: center;padding-top: 10px;}#popup_box_err_msg {color: Black;font-weight: bold;text-align: center;}#popup_box_reflection {height: 30px;width: 520px;}/* tooltip suppo
Jul 4, 2024 20:20:10.193906069 CEST	1236	IN	Data Raw: 72 74 20 2a 2f 0a 2e 74 74 5f 74 61 62 6c 65 0a 7b 0a 09 68 65 69 67 68 74 3a 20 61 75 74 6f 3b 20 0a 09 63 6f 6c 6f 72 3a 23 30 30 30 3b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 56 65 72 64 61 6e Data Ascii: rt */.tt_table{height: auto; color:#000;font-family: Tahoma, Arial, Verdana, sans-serif;font-size : 11px;text-decoration:none;text-align:center;}.tt_top_left{background-image: url(swl_tt_top_left_corner.gif);background-re
Jul 4, 2024 20:20:10.193916082 CEST	1236	IN	Data Raw: 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 74 6f 70 20 72 69 67 68 74 3b 0a 09 77 69 64 74 68 3a 20 32 38 70 78 3b 0a 09 68 65 69 67 68 74 3a 20 32 32 70 78 3b 0a 7d 0a 0a 2e 74 74 5f 62 6f 74 74 6f 6d 5f 72 69 67 68 74 5f 63 61 72 65 74 0a 7b 0a 09 Data Ascii: nd-position: top right;width: 28px;height: 22px;}.tt_bottom_right_caret{background-image: url(swl_tt_bottom_right_caret.png);background-repeat: no-repeat;background-position: top right;width: 28px;height: 22px;}.tt_bottom_
Jul 4, 2024 20:20:10.193924904 CEST	340	IN	Data Raw: 70 6f 70 75 70 0a 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 6c 6f 67 6f 5f 73 77 2e 70 6e 67 29 3b 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 0a 62 6f 64 79 2e 70 6f 70 75 70 5f 65 72 72 6f 72 5f 62 67 20 64 69 Data Ascii: popup{background-image: url(logo_sw.png);border: 0;}body.popup_error_bg div.popup_branding_bar{background: none;}body.popup_error_bg img.logo_popup{background: none;}.blockLogo{width:110px;height:38px;background-imag
Jul 4, 2024 20:20:10.194235086 CEST	1236	IN	Data Raw: 20 7b 20 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 32 34 70 78 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 20 7d 0a 2e 76 67 61 70 33 32 20 7b 20 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 33 32 70 78 3b 63 6c 65 61 72 3a 62 6f 74 Data Ascii: { width:100%;height:24px;clear:both; }.vgap32 { width:100%;height:32px;clear:both; }.vgap48 { width:100%;height:48px;clear:both; }.login_bg {background-color: #005d84;}.login_outer{width:323px;margin:0 auto 0 auto;margin-top:
Jul 4, 2024 20:20:10.194243908 CEST	986	IN	Data Raw: 6f 2d 72 65 70 65 61 74 3b 0a 09 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 77 69 64 74 68 3a 20 32 34 70 78 3b 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 09 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 38 70 Data Ascii: o-repeat;height: 24px;width: 24px;vertical-align: middle;padding-right: 8px; }.error_box {width: 100%;height:48px;color: #000000;font-weight:bold;background-image: url(exclamation_24.png);background-repeat: no-repea
Jul 4, 2024 20:20:10.194384098 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Cache-Control: private Expires: Thu, 04 Jul 2024 21:08:09 GMT Content-type: text/css; charset=UTF-8; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Data Raw: 62 6f 64 79 2c 20 70 2c 20 74 64 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 35 70 78 3b 0a 7d 0a 61 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 33 33 39 39 3b 0a 7d 0a 61 3a 68 6f 76 65 72 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 36 36 43 43 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 0a 69 6e 70 75 74 3a 6e 6f 74 28 5b 74 79 70 65 3d 22 69 6d 61 67 65 22 5d 29 2c 20 73 65 6c 65 63 74 2c 20 62 75 74 74 6f 6e 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 09 2f 2a 20 75 73 65 20 62 6f 72 64 65 72 2d 62 6f 78 20 74 6f 20 73 69 6d 70 6c 69 66 79 20 74 68 65 20 77 69 64 74 68 20 73 65 74 74 69 6e 67 20 66 6f 72 20 63 6f 6e 74 72 6f 6c 73 20 61 63 63 72 6f 73 73 20 61 6c 6c 20 62 72 6f 77 73 65 72 [TRUNCATED] Data Ascii: body, p, td {font-family: Tahoma, Arial, Verdana, sans-serif;font-size: 13px;color: #000000;line-height: 15px;}a {color: #003399;}a:hover {color: #0066CC;text-decoration: underline;}input:not([type="image"]), select, button, textarea {/* use border-box to simplify the width setting for controls accross all browsers */box-sizing: border-box !important;}.half_line_spacing {line-height: 6px;font-size: 6px;}.snwl-btn {cursor: pointer;height:32px;padding:0 16px 0 16px;border-radius:3px;color:#555;background-color:#eee;border:1px solid #999;min-width:72px;text-transform: uppercase;}.snwl-btn-condensed {font-size: 11px;min-width: initial;padding: 6px 8px;height: auto;}.snwl-btn:hover,.snwl-btn:focus {color:#555;background-color:#ccc;border:1px solid #2184c7;}.snwl-btn:active {color:#555;background-color:#bbb;border:1px solid #2184c7;}.snwl-btn:disabled {color:rgba(0, 0, 0, 0.26);background-color:rgba(0,
Jul 4, 2024 20:20:10.196006060 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Cache-Control: private Expires: Thu, 04 Jul 2024 21:08:09 GMT Content-type: text/css; charset=UTF-8; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Data Raw: 62 6f 64 79 2c 20 70 2c 20 74 64 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 41 72 69 61 6c 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 35 70 78 3b 0a 7d 0a 61 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 33 33 39 39 3b 0a 7d 0a 61 3a 68 6f 76 65 72 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 36 36 43 43 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 0a 69 6e 70 75 74 3a 6e 6f 74 28 5b 74 79 70 65 3d 22 69 6d 61 67 65 22 5d 29 2c 20 73 65 6c 65 63 74 2c 20 62 75 74 74 6f 6e 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 09 2f 2a 20 75 73 65 20 62 6f 72 64 65 72 2d 62 6f 78 20 74 6f 20 73 69 6d 70 6c 69 66 79 20 74 68 65 20 77 69 64 74 68 20 73 65 74 74 69 6e 67 20 66 6f 72 20 63 6f 6e 74 72 6f 6c 73 20 61 63 63 72 6f 73 73 20 61 6c 6c 20 62 72 6f 77 73 65 72 [TRUNCATED] Data Ascii: body, p, td {font-family: Tahoma, Arial, Verdana, sans-serif;font-size: 13px;color: #000000;line-height: 15px;}a {color: #003399;}a:hover {color: #0066CC;text-decoration: underline;}input:not([type="image"]), select, button, textarea {/* use border-box to simplify the width setting for controls accross all browsers */box-sizing: border-box !important;}.half_line_spacing {line-height: 6px;font-size: 6px;}.snwl-btn {cursor: pointer;height:32px;padding:0 16px 0 16px;border-radius:3px;color:#555;background-color:#eee;border:1px solid #999;min-width:72px;text-transform: uppercase;}.snwl-btn-condensed {font-size: 11px;min-width: initial;padding: 6px 8px;height: auto;}.snwl-btn:hover,.snwl-btn:focus {color:#555;background-color:#ccc;border:1px solid #2184c7;}.snwl-btn:active {color:#555;background-color:#bbb;border:1px solid #2184c7;}.snwl-btn:disabled {color:rgba(0, 0, 0, 0.26);background-color:rgba(0,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	79.141.36.131	80	5900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 4, 2024 20:20:08.593822956 CEST	370	OUT	GET /logo_sw.png HTTP/1.1 Host: 79.141.36.131 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://79.141.36.131/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 4, 2024 20:20:10.193094969 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Cache-Control: private Expires: Thu, 04 Jul 2024 21:08:09 GMT Content-type: image/png; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 1a 08 06 00 00 00 4b ba 95 f2 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 28 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDRKtEXtSoftwareAdobe ImageReadyqe<(iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmpMM:InstanceID="xmp.iid:17102346065411E7AF85C2DCE990C214" xmpMM:DocumentID="xmp.did:17102347065411E7AF85C2DCE990C214"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:17102344065411E7AF85C2DCE990C214" stRef:documentID="xmp.did:17102345065411E7AF85C2DCE990C214"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>'OdIDATx[US>P)L))Y!/C"D2E$)C)C2{4yu}}=VuZ%I/rRub [TRUNCATED]
Jul 4, 2024 20:20:10.193136930 CEST	224	IN	Data Raw: 76 3e d0 11 68 06 d4 00 7e 00 3e 00 9e 07 66 41 ce e6 14 32 5e 43 d6 17 f5 7e 8a d0 5f 63 64 5f 02 4f a1 7e be f5 db 87 cc 51 7e 44 04 39 c7 23 eb 05 b4 05 f6 06 76 02 7e 04 96 00 33 80 42 c8 f9 5b 75 59 6f 9a d1 fc 11 fc 36 28 40 6e 35 64 6b 80 Data Ascii: v>h~>fA2^C~_cd_O~Q~D9#v~3B[uYo6(@n5dkA}SQoV8MmrGhSn:#HOxS"O-@>GC+.=iA-E)uQoa2.4_n&s
Jul 4, 2024 20:20:10.193149090 CEST	1236	IN	Data Raw: de 61 6a 36 0b f8 d3 10 d3 53 44 72 a5 76 06 b9 fc ba f1 80 ba 27 1a e4 62 7a 36 a0 de b9 d6 7d fe f6 d6 54 20 5e 11 b2 15 7a fe 79 c0 16 96 fb 13 25 31 fa 03 05 c0 7e a8 dc 1f 18 02 f4 c5 7d 23 a0 1f 50 06 ec 19 44 2e 11 b2 40 5a ef 62 60 37 b4 Data Ascii: aj6SDrv'bz6}T ^zy%1~}#PD.@Zb`7?h]x,DSS8"Wsdmb-6>cnQ$PnzY\cqXdXPcX"m&}J,^b&8xy$FhtE_F92/.?p?Q@.Cs
Jul 4, 2024 20:20:10.193156958 CEST	152	IN	Data Raw: 31 ed 1a 71 63 9c 16 20 6f b5 fc 55 57 4a 58 75 f9 c1 c0 9c 80 ba cf 1a 84 ed 93 62 38 7f e9 04 c9 c3 44 bd 7b cb 5a 0f 99 bd b9 a9 b7 7c 4b 43 ef e7 64 cd 0e d9 12 13 f3 4d e4 ad 32 37 c3 65 12 5d e9 7a e5 73 ac 05 db 88 b6 7d 64 76 a6 e0 9a 9a Data Ascii: 1qc oUWJXub8D{Z\|KCdM27e]zs}dv5&*`H9wW)tOa`m5?35:Lj7t
Jul 4, 2024 20:20:10.193224907 CEST	152	IN	Data Raw: 31 ed 1a 71 63 9c 16 20 6f b5 fc 55 57 4a 58 75 f9 c1 c0 9c 80 ba cf 1a 84 ed 93 62 38 7f e9 04 c9 c3 44 bd 7b cb 5a 0f 99 bd b9 a9 b7 7c 4b 43 ef e7 64 cd 0e d9 12 13 f3 4d e4 ad 32 37 c3 65 12 5d e9 7a e5 73 ac 05 db 88 b6 7d 64 76 a6 e0 9a 9a Data Ascii: 1qc oUWJXub8D{Z\|KCdM27e]zs}dv5&*`H9wW)tOa`m5?35:Lj7t
Jul 4, 2024 20:20:10.193964958 CEST	586	IN	Data Raw: 41 89 a6 ef 7e 1e bc a0 99 4a ff 1b 63 c7 42 85 42 6a 1b 31 b1 7b 43 e4 dc a7 2f 25 fe e7 3e e8 b0 e7 4a 8c 93 ba 0e 11 2b d1 e6 82 30 82 f1 9d 17 3f 21 e9 06 01 0f 23 7f 49 8e 30 3f 4f 39 14 18 22 55 3e 15 82 e6 3b 1e d6 47 68 d7 51 66 94 ef eb Data Ascii: A~JcBBj1{C/%>J+0?!#I0?O9"U>;GhQf.3RiM4%TD &4E01dD8KyzX\|/J(igIyZ08/H%b9pXr-JB(n8j~Y7rJG{!bxa]\|M<oEzsA
Jul 4, 2024 20:20:10.194422007 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Cache-Control: private Expires: Thu, 04 Jul 2024 21:08:09 GMT Content-type: image/png; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 1a 08 06 00 00 00 4b ba 95 f2 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 28 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDRKtEXtSoftwareAdobe ImageReadyqe<(iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmpMM:InstanceID="xmp.iid:17102346065411E7AF85C2DCE990C214" xmpMM:DocumentID="xmp.did:17102347065411E7AF85C2DCE990C214"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:17102344065411E7AF85C2DCE990C214" stRef:documentID="xmp.did:17102345065411E7AF85C2DCE990C214"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>'OdIDATx[US>P)L))Y!/C"D2E$)C)C2{4yu}}=VuZ%I/rRub [TRUNCATED]
Jul 4, 2024 20:20:10.195996046 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Cache-Control: private Expires: Thu, 04 Jul 2024 21:08:09 GMT Content-type: image/png; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 1a 08 06 00 00 00 4b ba 95 f2 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 28 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDRKtEXtSoftwareAdobe ImageReadyqe<(iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmpMM:InstanceID="xmp.iid:17102346065411E7AF85C2DCE990C214" xmpMM:DocumentID="xmp.did:17102347065411E7AF85C2DCE990C214"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:17102344065411E7AF85C2DCE990C214" stRef:documentID="xmp.did:17102345065411E7AF85C2DCE990C214"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>'OdIDATx[US>P)L))Y!/C"D2E$)C)C2{4yu}}=VuZ%I/rRub [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	79.141.36.131	80	5900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 4, 2024 20:20:10.780008078 CEST	370	OUT	GET /favicon.ico HTTP/1.1 Host: 79.141.36.131 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://79.141.36.131/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 4, 2024 20:20:11.421245098 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Expires: -1 Cache-Control: no-cache Content-type: (null)/ico; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 04 0e 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 31 31 20 37 39 2e 31 35 38 33 32 35 2c 20 32 30 31 35 2f 30 39 2f 31 30 2d 30 31 3a 31 30 3a 32 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="uuid:5D20892493BFDB11914A8590D31508C8" xmpMM:DocumentID="xmp.did:AE63E57A843E11E69E66BB3D1BBB34E1" xmpMM:InstanceID="xmp.iid:AE63E579843E11E69E66BB3D1BBB34E1" xmp:CreatorTool="Adobe Illustrator CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3d16989d-1431-469e-8776-63214b678e7e" stRef:documentID="xmp.did:725ddc26-be34-4392-a11c-590eab49a6bb"/> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">SonicWall_logo_swoo [TRUNCATED]
Jul 4, 2024 20:20:11.421998024 CEST	440	IN	Data Raw: 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e b1 1f e6 4e 00 00 01 6b 49 44 41 54 78 da ec d6 cf 2b 04 61 1c c7 f1 dd 6d e5 22 3f 0a 39 ed 81 12 Data Ascii: tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>NkIDATx+am"?9{"3)]RRn8(Eqr\4"N==\|U3w3OuoVLhyP_5ZPjQ2"x#dUz9~CCS}}"/@rqS\bFrK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	79.141.36.131	80	5900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 4, 2024 20:20:10.937582970 CEST	277	OUT	GET /logo_sw.png HTTP/1.1 Host: 79.141.36.131 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 4, 2024 20:20:11.596529007 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Cache-Control: private Expires: Thu, 04 Jul 2024 21:08:11 GMT Content-type: image/png; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 1a 08 06 00 00 00 4b ba 95 f2 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 28 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDRKtEXtSoftwareAdobe ImageReadyqe<(iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmpMM:InstanceID="xmp.iid:17102346065411E7AF85C2DCE990C214" xmpMM:DocumentID="xmp.did:17102347065411E7AF85C2DCE990C214"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:17102344065411E7AF85C2DCE990C214" stRef:documentID="xmp.did:17102345065411E7AF85C2DCE990C214"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>'OdIDATx[US>P)L))Y!/C"D2E$)C)C2{4yu}}=VuZ%I/rRub [TRUNCATED]
Jul 4, 2024 20:20:11.596560955 CEST	224	IN	Data Raw: 76 3e d0 11 68 06 d4 00 7e 00 3e 00 9e 07 66 41 ce e6 14 32 5e 43 d6 17 f5 7e 8a d0 5f 63 64 5f 02 4f a1 7e be f5 db 87 cc 51 7e 44 04 39 c7 23 eb 05 b4 05 f6 06 76 02 7e 04 96 00 33 80 42 c8 f9 5b 75 59 6f 9a d1 fc 11 fc 36 28 40 6e 35 64 6b 80 Data Ascii: v>h~>fA2^C~_cd_O~Q~D9#v~3B[uYo6(@n5dkA}SQoV8MmrGhSn:#HOxS"O-@>GC+.=iA-E)uQoa2.4_n&s
Jul 4, 2024 20:20:11.596596956 CEST	1236	IN	Data Raw: de 61 6a 36 0b f8 d3 10 d3 53 44 72 a5 76 06 b9 fc ba f1 80 ba 27 1a e4 62 7a 36 a0 de b9 d6 7d fe f6 d6 54 20 5e 11 b2 15 7a fe 79 c0 16 96 fb 13 25 31 fa 03 05 c0 7e a8 dc 1f 18 02 f4 c5 7d 23 a0 1f 50 06 ec 19 44 2e 11 b2 40 5a ef 62 60 37 b4 Data Ascii: aj6SDrv'bz6}T ^zy%1~}#PD.@Zb`7?h]x,DSS8"Wsdmb-6>cnQ$PnzY\cqXdXPcX"m&}J,^b&8xy$FhtE_F92/.?p?Q@.Cs
Jul 4, 2024 20:20:11.596647024 CEST	152	IN	Data Raw: 31 ed 1a 71 63 9c 16 20 6f b5 fc 55 57 4a 58 75 f9 c1 c0 9c 80 ba cf 1a 84 ed 93 62 38 7f e9 04 c9 c3 44 bd 7b cb 5a 0f 99 bd b9 a9 b7 7c 4b 43 ef e7 64 cd 0e d9 12 13 f3 4d e4 ad 32 37 c3 65 12 5d e9 7a e5 73 ac 05 db 88 b6 7d 64 76 a6 e0 9a 9a Data Ascii: 1qc oUWJXub8D{Z\|KCdM27e]zs}dv5&*`H9wW)tOa`m5?35:Lj7t
Jul 4, 2024 20:20:11.683073997 CEST	586	IN	Data Raw: 41 89 a6 ef 7e 1e bc a0 99 4a ff 1b 63 c7 42 85 42 6a 1b 31 b1 7b 43 e4 dc a7 2f 25 fe e7 3e e8 b0 e7 4a 8c 93 ba 0e 11 2b d1 e6 82 30 82 f1 9d 17 3f 21 e9 06 01 0f 23 7f 49 8e 30 3f 4f 39 14 18 22 55 3e 15 82 e6 3b 1e d6 47 68 d7 51 66 94 ef eb Data Ascii: A~JcBBj1{C/%>J+0?!#I0?O9"U>;GhQf.3RiM4%TD &4E01dD8KyzX\|/J(igIyZ08/H%b9pXr-JB(n8j~Y7rJG{!bxa]\|M<oEzsA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49750	79.141.36.131	80	5900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 4, 2024 20:20:12.332350969 CEST	277	OUT	GET /favicon.ico HTTP/1.1 Host: 79.141.36.131 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 4, 2024 20:20:12.962723017 CEST	1236	IN	HTTP/1.0 200 OK Server: SonicWALL Expires: -1 Cache-Control: no-cache Content-type: (null)/ico; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 04 0e 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 31 31 20 37 39 2e 31 35 38 33 32 35 2c 20 32 30 31 35 2f 30 39 2f 31 30 2d 30 31 3a 31 30 3a 32 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="uuid:5D20892493BFDB11914A8590D31508C8" xmpMM:DocumentID="xmp.did:AE63E57A843E11E69E66BB3D1BBB34E1" xmpMM:InstanceID="xmp.iid:AE63E579843E11E69E66BB3D1BBB34E1" xmp:CreatorTool="Adobe Illustrator CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3d16989d-1431-469e-8776-63214b678e7e" stRef:documentID="xmp.did:725ddc26-be34-4392-a11c-590eab49a6bb"/> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">SonicWall_logo_swoo [TRUNCATED]
Jul 4, 2024 20:20:12.962788105 CEST	440	IN	Data Raw: 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e b1 1f e6 4e 00 00 01 6b 49 44 41 54 78 da ec d6 cf 2b 04 61 1c c7 f1 dd 6d e5 22 3f 0a 39 ed 81 12 Data Ascii: tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>NkIDATx+am"?9{"3)]RRn8(Eqr\4"N==\|U3w3OuoVLhyP_5ZPjQ2"x#dUz9~CCS}}"/@rqS\bFrK

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49744	23.211.8.90	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 18:20:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-04 18:20:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=251373 Date: Thu, 04 Jul 2024 18:20:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49749	23.211.8.90	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 18:20:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-04 18:20:12 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=251294 Date: Thu, 04 Jul 2024 18:20:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-04 18:20:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	14:20:02
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	14:20:04
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1920,i,17782492426435082122,11014265628937219128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	14:20:06
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://79.141.36.131"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://79.141.36.131

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3220, Parent PID: 3704

General

Chronological Activities

Analysis Process: chrome.exePID: 5900, Parent PID: 3220

General

Chronological Activities

Windows Analysis Report
http://79.141.36.131