
Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.25006.28161

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Razy.980776.25006.28161 (renamed file extension from 28161 to dll)
Analysis ID: 510684
MD5: 78a0cdfef15a263e2821424593ccdcd5
SHA1: 23a3296897b37cc82088392a2a1762d1c7ead3f0
SHA256: cfc9aa38844f62683f820c97371077d47a63b77ea093367a827b1315e9546a50
Tags: dll

Detection

Dridex
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6500 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.25006.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6524 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.25006.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6544 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.25006.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6532 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.25006.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6584 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.25006.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6600 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.25006.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000004.00000003.779089612.0000000004C10000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000000.00000002.1194485552.000000006E3B1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000000.00000003.784553860.0000000000780000.00000040.00000001.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000003.00000002.1197217588.000000006E3B1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000003.00000003.752228800.0000000004950000.00000040.00000010.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
(2 further entries not shown)

Unpacked PEs

Source | Rule | Description | Author | Strings
4.3.rundll32.exe.4c2db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
5.3.rundll32.exe.a6db55.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
3.3.rundll32.exe.496db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
3.2.rundll32.exe.6e3b0000.0.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
2.3.rundll32.exe.4a9db55.0.raw.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
(7 further entries not shown)

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


AV Detection:

Found malware configuration
Source: 0.3.loaddll32.exe.79db55.0.raw.unpack | Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Razy.980776.25006.dll | VirusTotal: Detection: 9%
Source: SecuriteInfo.com.Variant.Razy.980776.25006.dll | ReversingLabs: Detection: 39%
Source: SecuriteInfo.com.Variant.Razy.980776.25006.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:50217 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Razy.980776.25006.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.1208261330.000000006E477000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1199733251.000000006E477000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.25006.dll
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E3DCEF8 FindFirstFileExW,0_2_6E3DCEF8

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.77.0.96 235
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 185.56.219.47 180
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 192.46.210.220 187
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 143.244.140.214 40
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | IPs: 192.46.210.220:443
Source: Malware configuration extractor | IPs: 143.244.140.214:808
Source: Malware configuration extractor | IPs: 45.77.0.96:6891
Source: Malware configuration extractor | IPs: 185.56.219.47:8116
Source: Joe Sandbox View | ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View | ASN Name: KELIWEBIT KELIWEBIT
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4853 Connection: Close Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 45.77.0.96 45.77.0.96
Source: Joe Sandbox View | IP Address: 185.56.219.47 185.56.219.47
Source: global traffic | TCP traffic: 192.168.2.4:49782 -> 143.244.140.214:808
Source: global traffic | TCP traffic: 192.168.2.4:49788 -> 45.77.0.96:6891
Source: global traffic | TCP traffic: 192.168.2.4:49790 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50218
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50217
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50210
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50225 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50178
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50202 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50226
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50186
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50185
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50225
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50193
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50194
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50113
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.15.12 | Date: Thu, 28 Oct 2021 02:48:59 GMT | Content-Type: text/plain; charset=utf-8 | Connection: close
                      Source: unknown | TCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknown | TCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknown | HTTP traffic detected: POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4865 Connection: Close Cache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E3E39F9 InternetReadFile, 0_2_6E3E39F9
                      Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49779 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49783 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:50217 version: TLS 1.2
                      Source: loaddll32.exe, 00000000.00000002.1188237515.000000000086B000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      E-Banking Fraud:

                      Yara detected Dridex unpacked file
                      Detected Dridex e-Banking trojan
                      Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E3B51A7 OutputDebugStringA, Sleep, OutputDebugStringA, OutputDebugStringA, Sleep, OutputDebugStringA, OutputDebugStringA, Sleep, OutputDebugStringA, OutputDebugStringA, Sleep, OutputDebugStringA, GetAdaptersInfo, 0_2_6E3B51A7
                      Source: SecuriteInfo.com.Variant.Razy.980776.25006.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL