Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.28328.4566

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Razy.980776.28328.4566 (renamed file extension from 4566 to dll)
Analysis ID: 510682
MD5: d0efc72dad5672591a494c15ab074463
SHA1: 4489c041b31862a797a277c2d3f65e53c55d4e27
SHA256: c16c257b6858f74dfba0685a833f4966ccc8e9d4d25d8c0c052109187e37c3ac
Tags: dll

Detection

Dridex
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6392 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6424 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6452 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6436 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6620 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6668 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000002.00000003.347040697.0000000004850000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000006.00000003.384482300.0000000002E50000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000000.00000002.784194713.000000006E511000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000000.00000003.388197619.0000000000560000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
00000003.00000003.347778721.0000000000580000.00000040.00000010.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security

Unpacked PEs

Source | Rule | Description | Author
6.3.rundll32.exe.2e6db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
6.3.rundll32.exe.2e6db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
5.3.rundll32.exe.2eadb55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
3.3.rundll32.exe.59db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security
0.3.loaddll32.exe.57db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 3.2.rundll32.exe.6e510000.0.unpack | Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll | Virustotal: Detection: 7%
Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll | ReversingLabs: Detection: 27%
Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.7:49767 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.7:49771 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.784937216.000000006E5D7000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.786186037.000000006E5D7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.28328.dll
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E53CEF8 FindFirstFileExW,0_2_6E53CEF8

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | IPs: 192.46.210.220:443
Source: Malware configuration extractor | IPs: 143.244.140.214:808
Source: Malware configuration extractor | IPs: 45.77.0.96:6891
Source: Malware configuration extractor | IPs: 185.56.219.47:8116
Source: Joe Sandbox View | ASN Name: AS-CHOOPAUS
Source: Joe Sandbox View | ASN Name: KELIWEBIT
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Host: 192.46.210.220 | Content-Length: 4869 | Connection: Close | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Host: 192.46.210.220 | Content-Length: 4857 | Connection: Close | Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 45.77.0.96
Source: Joe Sandbox View | IP Address: 185.56.219.47
Source: global traffic | TCP traffic: 192.168.2.7:49768 -> 143.244.140.214:808
Source: global traffic | TCP traffic: 192.168.2.7:49777 -> 45.77.0.96:6891
Source: global traffic | TCP traffic: 192.168.2.7:49781 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50174 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50174
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50176
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50182
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50184
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50190
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50192
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50198
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 02:46:21 GMT Content-Type: text/plain; charset=utf-8 Connection: close
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknown | TCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: 77EC63BDA74BD0D0E0426DC8F8008506.3.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabx?
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enp
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp | String found in binary or memory: https://143.244.140.214/
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214/A
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.571195607.0000000000785000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmp, rundll32.exeString found in binary or memory: https://143.244.140.214:808/
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/.140.214:808/
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/G
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/U
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/Z
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/c
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/h
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.623291100.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.631441493.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/oft
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/q
                      Source: loaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/x
                      Source: loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpString found in binary or memory: https://18192.46.210.220/
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/)
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.680511463.000000000077E000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/9
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/Q
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/a
                      Source: loaddll32.exe, 00000000.00000003.579545200.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/oft
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.623291100.000000000077D000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.462282089.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/soft
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.419169035.0000000000785000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220//
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/;
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/B
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/Certification
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/M
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/R
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/V
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Y
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/_
                      Source: loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/a
                      Source: loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dll
                      Source: loaddll32.exe, 00000000.00000003.487595623.000000000077C000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dllB
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/en-US
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/f
                      Source: rundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/graphy
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/ography
                      Source: rundll32.exe, 00000003.00000003.625741355.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/u
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/z
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/l
                      Source: loaddll32.exe, 00000000.00000002.780748710.0000000000718000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.604185957.000000000077D000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/6/
                      Source: loaddll32.exe, 00000000.00000003.503888662.000000000077C000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/6/Q
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/6/a
                      Source: rundll32.exe, 00000003.00000003.774804803.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/7
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.785750413.0000000004A0C000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/b
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/der
                      Source: rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.637471085.0000000004A10000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/graphy
                      Source: loaddll32.exe, 00000000.00000002.781170560.0000000000775000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/i
                      Source: rundll32.exe, 00000003.00000003.642654981.0000000004A10000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/o
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/q
                      Source: loaddll32.exe, 00000000.00000003.437725694.0000000000784000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.713710363.0000000004A0F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/y
                      Source: unknown; HTTP traffic detected: POST / HTTP/1.1, Host: 192.46.210.220, Content-Length: 4869, Connection: Close, Cache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_6E5439F9 InternetReadFile
                      Source: unknown; HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.7:49767 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.7:49771 version: TLS 1.2
                      Source: loaddll32.exe, 00000000.00000002.780716842.000000000070B000.00000004.00000020.sdmp; Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      E-Banking Fraud:

                      Yara detected Dridex unpacked file
                      Source: Yara match; File source: 6.3.rundll32.exe.2e6db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 6.3.rundll32.exe.2e6db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 5.3.rundll32.exe.2eadb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.3.rundll32.exe.59db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.3.loaddll32.exe.57db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.2.rundll32.exe.6e510000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.3.rundll32.exe.486db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.6e510000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.3.rundll32.exe.59db55.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.3.loaddll32.exe.57db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 2.3.rundll32.exe.486db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 5.3.rundll32.exe.2eadb55.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000002.00000003.347040697.0000000004850000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000006.00000003.384482300.0000000002E50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.784194713.000000006E511000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.388197619.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.347778721.0000000000580000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000005.00000003.366765780.0000000002E90000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.785930808.000000006E511000.00000020.00020000.sdmp, type: MEMORY
                      Detected Dridex e-Banking trojan
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_6E5151A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_6E5222A0 NtDelayExecution
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_6E53BE30 NtClose
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll; Virustotal: Detection: 7%
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll; ReversingLabs: Detection: 27%
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown; Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll'
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.28328.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                      Source: classification engine; Classification label: mal84.bank.troj.evad.winDLL@11/2@0/4
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.4566; Joe Sandbox Cloud Basic: Detection: clean, Score: 0
                      Source: C:\Windows\SysWOW64\rundll32.exe; File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exe; Automated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exe; Automated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exe; Automated click: OK
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll; Static file information: File size 1375232 > 1048576
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll; Static PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Razy.980776.28328.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb; source: loaddll32.exe, 00000000.00000002.784937216.000000006E5D7000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.786186037.000000006E5D7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.28328.dll