Loading ...

Play interactive tourEdit tour

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.9478.23455

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.Razy.980776.9478.23455 (renamed file extension from 23455 to dll)
Analysis ID:510687
MD5:6fd1917b9317cb3a563452406ee6b42e
SHA1:ca04deff186c8177bc45b1d71fc0d9f7cd77e89e
SHA256:a0a2052a31550ac810368f5aa8e2e9d4f309758e6b3391f9ba27c52ccb9f4ed5
Tags:dll
Infos:

Most interesting Screenshot:

Detection

Dridex
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6832 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.9478.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6888 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.9478.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6972 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.9478.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6960 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.9478.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 7024 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.9478.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 7052 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.9478.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000003.411045678.00000000046D0000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
    00000007.00000002.816097382.000000006E931000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
      00000006.00000003.380770170.00000000007C0000.00000040.00000010.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
        00000002.00000002.815049595.000000006E931000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
          00000008.00000003.400629828.00000000008D0000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
            Click to see the 2 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            9.3.rundll32.exe.46edb55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
              9.3.rundll32.exe.46edb55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                8.3.rundll32.exe.8edb55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                  2.3.loaddll32.exe.10edb55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                    6.3.rundll32.exe.7ddb55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                      Click to see the 7 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 7.2.rundll32.exe.6e930000.0.unpackMalware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: SecuriteInfo.com.Variant.Razy.980776.9478.dllReversingLabs: Detection: 38%
                      Source: SecuriteInfo.com.Variant.Razy.980776.9478.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49741 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49743 version: TLS 1.2
                      Source: SecuriteInfo.com.Variant.Razy.980776.9478.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000002.00000002.815295434.000000006E9F7000.00000002.00020000.sdmp, rundll32.exe, 00000007.00000002.816408400.000000006E9F7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.9478.dll
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6E95CEF8 FindFirstFileExW,2_2_6E95CEF8

                      Networking:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.77.0.96 235Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.56.219.47 180Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 192.46.210.220 187Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.140.214 40Jump to behavior
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorIPs: 192.46.210.220:443
                      Source: Malware configuration extractorIPs: 143.244.140.214:808
                      Source: Malware configuration extractorIPs: 45.77.0.96:6891
                      Source: Malware configuration extractorIPs: 185.56.219.47:8116
                      Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                      Source: Joe Sandbox ViewASN Name: KELIWEBIT KELIWEBIT
                      Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: Joe Sandbox ViewIP Address: 45.77.0.96 45.77.0.96
                      Source: Joe Sandbox ViewIP Address: 185.56.219.47 185.56.219.47
                      Source: global trafficTCP traffic: 192.168.2.3:49742 -> 143.244.140.214:808
                      Source: global trafficTCP traffic: 192.168.2.3:49746 -> 45.77.0.96:6891
                      Source: global trafficTCP traffic: 192.168.2.3:49748 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50134
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50157
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50158
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50166
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50165
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50157 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:38 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:41 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:53:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:41 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:41 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:53 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:53 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:57 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:54:57 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:55:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:56:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:56:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:56:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:56:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:56:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 02:56:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: rundll32.exe, 00000007.00000003.430153868.0000000003361000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                      Source: rundll32.exe, 00000007.00000003.430153868.0000000003361000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/Gq
                      Source: rundll32.exe, 00000007.00000002.815150304.00000000032FA000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.7.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: rundll32.exe, 00000007.00000003.430285368.000000000541D000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000002.815150304.00000000032FA000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?561c40c84f427
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabv
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214/
                      Source: rundll32.exe, 00000007.00000003.421191267.000000000336A000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214/Ev
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/
                      Source: rundll32.exe, 00000007.00000003.685102476.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/.140.214:808/la
                      Source: rundll32.exe, 00000007.00000002.815270694.0000000003361000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/Gq
                      Source: loaddll32.exe, 00000002.00000003.474152776.0000000000F57000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.524322961.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/My
                      Source: rundll32.exe, 00000007.00000002.815270694.0000000003361000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/P
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/W
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.496322195.0000000003361000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.421191267.000000000336A000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/hy
                      Source: rundll32.exe, 00000007.00000003.590697653.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/hyQq
                      Source: rundll32.exe, 00000007.00000003.615902947.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/hybq
                      Source: loaddll32.exe, 00000002.00000003.789280519.0000000000F57000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/l
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/lGq
                      Source: rundll32.exe, 00000007.00000003.624273197.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/la
                      Source: rundll32.exe, 00000007.00000003.524322961.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/ll
                      Source: rundll32.exe, 00000007.00000003.565788704.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/llbq
                      Source: loaddll32.exe, 00000002.00000003.590990072.0000000000F5F000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.789346545.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/oft
                      Source: loaddll32.exe, 00000002.00000003.507704635.0000000000F59000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/z
                      Source: loaddll32.exe, 00000002.00000002.813943136.0000000000F4C000.00000004.00000020.sdmpString found in binary or memory: https://182.46.210.220/
                      Source: rundll32.exe, 00000007.00000002.815270694.0000000003361000.00000004.00000020.sdmpString found in binary or memory: https://183.244.140.214:808/
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/-
                      Source: loaddll32.exe, 00000002.00000003.438385750.0000000000F5A000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/T
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/rm
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/
                      Source: loaddll32.exe, 00000002.00000003.780894009.0000000000F4C000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4802
                      Source: rundll32.exe, 00000007.00000003.693220636.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4H
                      Source: rundll32.exe, 00000007.00000003.565788704.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/814
                      Source: loaddll32.exe, 00000002.00000003.599359620.0000000000FCA000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/=-
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/D
                      Source: rundll32.exe, 00000007.00000003.454521385.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/ES
                      Source: rundll32.exe, 00000007.00000003.734581021.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/F
                      Source: rundll32.exe, 00000007.00000003.632573369.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/M
                      Source: loaddll32.exe, 00000002.00000002.814006156.0000000000F58000.00000004.00000020.sdmpString found in binary or memory: https://185.56.219.47:8116/Ps%
                      Source: rundll32.exe, 00000007.00000003.590697653.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/fW
                      Source: rundll32.exe, 00000007.00000003.693220636.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/j
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/l
                      Source: loaddll32.exe, 00000002.00000003.538347137.0000000000F57000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/ll
                      Source: rundll32.exe, 00000007.00000003.746859571.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/llo
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/y$7
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.438132004.0000000003361000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.734581021.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/
                      Source: rundll32.exe, 00000007.00000003.734581021.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/(r
                      Source: rundll32.exe, 00000007.00000003.454521385.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/-
                      Source: rundll32.exe, 00000007.00000003.496322195.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/.Q
                      Source: rundll32.exe, 00000007.00000003.734581021.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/0
                      Source: loaddll32.exe, 00000002.00000003.451141108.0000000000F57000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/3
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/5
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/563209-4053062332-1002
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/563209-4053062332-1002L
                      Source: rundll32.exe, 00000007.00000003.615902947.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/563209-4053062332-1002y
                      Source: rundll32.exe, 00000007.00000003.479578980.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/6Q
                      Source: loaddll32.exe, 00000002.00000002.814100062.0000000000F98000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Aq
                      Source: loaddll32.exe, 00000002.00000003.451141108.0000000000F57000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/B
                      Source: rundll32.exe, 00000007.00000003.438132004.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/BQ
                      Source: loaddll32.exe, 00000002.00000002.814100062.0000000000F98000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Certification
                      Source: rundll32.exe, 00000007.00000003.624273197.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/FQ
                      Source: rundll32.exe, 00000007.00000003.615902947.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/GlobalSign
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Im
                      Source: rundll32.exe, 00000007.00000003.615902947.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Is
                      Source: loaddll32.exe, 00000002.00000003.507704635.0000000000F59000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000002.815150304.00000000032FA000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/K
                      Source: loaddll32.exe, 00000002.00000002.814100062.0000000000F98000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/P6
                      Source: loaddll32.exe, 00000002.00000002.814100062.0000000000F98000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/S
                      Source: loaddll32.exe, 00000002.00000003.507704635.0000000000F59000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/T
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Vs
                      Source: rundll32.exe, 00000007.00000003.438132004.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/_s
                      Source: loaddll32.exe, 00000002.00000003.640878974.0000000000F55000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dll
                      Source: rundll32.exe, 00000007.00000003.734581021.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/en-US
                      Source: rundll32.exe, 00000007.00000003.496358216.0000000005416000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.565824893.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/graphy
                      Source: rundll32.exe, 00000007.00000003.565788704.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/jQ
                      Source: rundll32.exe, 00000007.00000003.693267353.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/liuS
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/nQ
                      Source: rundll32.exe, 00000007.00000003.516053522.0000000005416000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.693267353.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/ography
                      Source: rundll32.exe, 00000007.00000003.615902947.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/rs
                      Source: loaddll32.exe, 00000002.00000003.591088945.0000000000F58000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/y
                      Source: rundll32.exe, 00000007.00000003.487949283.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/zQ
                      Source: rundll32.exe, 00000007.00000003.430153868.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://19dl.windowsupdate.com/
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmpString found in binary or memory: https://45.7-
                      Source: rundll32.exe, 00000007.00000003.471262416.00000000033A1000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/
                      Source: rundll32.exe, 00000007.00000003.433791949.000000000339E000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/-
                      Source: loaddll32.exe, 00000002.00000003.457412694.0000000000F57000.00000004.00000001.sdmp, loaddll32.exe, 00000002.00000003.615853148.0000000000F58000.00000004.00000001.sdmp, loaddll32.exe, 00000002.00000003.451150859.0000000000F60000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.746888787.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/
                      Source: rundll32.exe, 00000007.00000003.524364338.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/.0.96:6891/
                      Source: rundll32.exe, 00000007.00000003.565824893.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/.0.96:6891/liuS
                      Source: loaddll32.exe, 00000002.00000003.434212982.0000000000F5A000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/08/
                      Source: loaddll32.exe, 00000002.00000003.451150859.0000000000F60000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/08/l
                      Source: loaddll32.exe, 00000002.00000003.434212982.0000000000F5A000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/14
                      Source: rundll32.exe, 00000007.00000003.693220636.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/14M
                      Source: loaddll32.exe, 00000002.00000003.640878974.0000000000F55000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/899f5f57b9a
                      Source: rundll32.exe, 00000007.00000003.438113449.00000000033D1000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/9
                      Source: rundll32.exe, 00000007.00000002.815937821.0000000005413000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.524364338.0000000005416000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.734607197.0000000005416000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.590739605.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: loaddll32.exe, 00000002.00000003.451150859.0000000000F60000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Q%
                      Source: rundll32.exe, 00000007.00000002.815937821.0000000005413000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Rf
                      Source: rundll32.exe, 00000007.00000003.524364338.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Vi
                      Source: loaddll32.exe, 00000002.00000003.434212982.0000000000F5A000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/der
                      Source: rundll32.exe, 00000007.00000003.487977022.0000000005416000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000002.815937821.0000000005413000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.516053522.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/graphy
                      Source: loaddll32.exe, 00000002.00000003.649139573.0000000000F55000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000002.815358842.00000000033D1000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/q
                      Source: loaddll32.exe, 00000002.00000003.484765322.0000000000F56000.00000004.00000001.sdmp, loaddll32.exe, 00000002.00000003.715289859.0000000000F54000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.433750522.0000000003361000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/r
                      Source: rundll32.exe, 00000007.00000002.815358842.00000000033D1000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/rY
                      Source: rundll32.exe, 00000007.00000003.565824893.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/ri
                      Source: loaddll32.exe, 00000002.00000003.591079359.0000000000F4C000.00000004.00000001.sdmpString found in binary or memory: https://452.46.210.220/
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6E9639F9 InternetReadFile,2_2_6E9639F9
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49741 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49743 version: TLS 1.2

                      E-Banking Fraud:

                      barindex
                      Yara detected Dridex unpacked fileShow sources
                      Source: Yara matchFile source: 9.3.rundll32.exe.46edb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.3.rundll32.exe.46edb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.3.rundll32.exe.8edb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.loaddll32.exe.10edb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.3.rundll32.exe.7ddb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.3.rundll32.exe.7ddb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.loaddll32.exe.10edb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.6e930000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.6e930000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.rundll32.exe.31bdb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.rundll32.exe.31bdb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.3.rundll32.exe.8edb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000009.00000003.411045678.00000000046D0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.816097382.000000006E931000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000003.380770170.00000000007C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.815049595.000000006E931000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000003.400629828.00000000008D0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.413004072.00000000010D0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000003.381345345.00000000031A0000.00000040.00000001.sdmp, type: MEMORY
                      Detected Dridex e-Banking trojanShow sources
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6E9351A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,2_2_6E9351A7
                      Source: SecuriteInfo.com.Variant.Razy.980776.9478.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL