Loading ...

Play interactive tourEdit tour

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.31954.24049

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.Razy.980776.31954.24049 (renamed file extension from 24049 to dll)
Analysis ID:510691
MD5:b550657c2ac0bf9940617b669d6870b1
SHA1:2071b204899736be74379f1197b13700e6de3a09
SHA256:e3244d67b76615adcc86f39f00f49ae345e18f2e9136f5305a438a4a6601e7e9
Tags:dll
Infos:

Most interesting Screenshot:

Detection

Dridex
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6828 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6844 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6864 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6852 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6932 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6948 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000003.764183510.0000000004D80000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
    00000000.00000003.799249940.0000000001000000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
      00000000.00000002.1188824547.000000006E361000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
        00000008.00000003.799320451.00000000048E0000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
          00000007.00000003.782470238.0000000000690000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
            Click to see the 2 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.3.rundll32.exe.4d9db55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
              3.3.rundll32.exe.61db55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                0.3.loaddll32.exe.101db55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                  7.3.rundll32.exe.6adb55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                    7.3.rundll32.exe.6adb55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                      Click to see the 7 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 0.2.loaddll32.exe.6e360000.0.unpackMalware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: SecuriteInfo.com.Variant.Razy.980776.31954.dllReversingLabs: Detection: 27%
                      Source: SecuriteInfo.com.Variant.Razy.980776.31954.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49759 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49774 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49861 version: TLS 1.2
                      Source: SecuriteInfo.com.Variant.Razy.980776.31954.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.1189544778.000000006E427000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1192090011.000000006E427000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.31954.dll
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E38CEF8 FindFirstFileExW,0_2_6E38CEF8

                      Networking:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.77.0.96 235Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.56.219.47 180Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 192.46.210.220 187Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.140.214 40Jump to behavior
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorIPs: 192.46.210.220:443
                      Source: Malware configuration extractorIPs: 143.244.140.214:808
                      Source: Malware configuration extractorIPs: 45.77.0.96:6891
                      Source: Malware configuration extractorIPs: 185.56.219.47:8116
                      Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                      Source: Joe Sandbox ViewASN Name: KELIWEBIT KELIWEBIT
                      Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: Joe Sandbox ViewIP Address: 45.77.0.96 45.77.0.96
                      Source: Joe Sandbox ViewIP Address: 185.56.219.47 185.56.219.47
                      Source: global trafficTCP traffic: 192.168.2.4:49761 -> 143.244.140.214:808
                      Source: global trafficTCP traffic: 192.168.2.4:49776 -> 45.77.0.96:6891
                      Source: global trafficTCP traffic: 192.168.2.4:49778 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50183
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50185
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50191
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50159 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50138
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50134
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50191 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50159
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50161
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50167
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:01:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:01:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:01:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:01:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:01:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:38 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:53 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:57 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:02:59 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:03 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:07 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:11 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:41 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:53 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:57 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:03:59 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:03 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:07 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:11 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:34 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:04:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: loaddll32.exe, 00000000.00000003.1061650734.0000000000FF5000.00000004.00000001.sdmpString found in binary or memory: https://142.46.210.220/
                      Source: loaddll32.exe, 00000000.00000003.1034567517.0000000000FF5000.00000004.00000001.sdmpString found in binary or memory: https://18192.46.210.220/H
                      Source: rundll32.exe, 00000003.00000003.1013667932.00000000005C4000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/
                      Source: rundll32.exe, 00000003.00000003.1142934817.00000000005C4000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/8
                      Source: rundll32.exe, 00000003.00000003.1142934817.00000000005C4000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/H
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/.
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/563209-4053062332-1002
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/563209-45
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/7.0.96:6891/
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/7.0.96:6891/Microsoft
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/Certification
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/GlobalSign
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/graphy
                      Source: rundll32.exe, 00000003.00000003.995243252.00000000005C4000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/nd
                      Source: rundll32.exe, 00000003.00000002.1191016182.0000000004871000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/
                      Source: loaddll32.exe, 00000000.00000003.872455871.0000000000FF4000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6
                      Source: rundll32.exe, 00000003.00000003.1142934817.00000000005C4000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/
                      Source: rundll32.exe, 00000003.00000002.1187731513.00000000005AC000.00000004.00000020.sdmpString found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: rundll32.exe, 00000003.00000003.859025204.00000000005C5000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/derpd
                      Source: rundll32.exe, 00000003.00000003.859025204.00000000005C5000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/x
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3939F9 InternetReadFile,0_2_6E3939F9
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49759 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49774 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49861 version: TLS 1.2

                      E-Banking Fraud:

                      barindex
                      Yara detected Dridex unpacked fileShow sources
                      Source: Yara matchFile source: 2.3.rundll32.exe.4d9db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.rundll32.exe.61db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.101db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.rundll32.exe.6adb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.rundll32.exe.6adb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.3.rundll32.exe.48fdb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.3.rundll32.exe.48fdb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.rundll32.exe.4d9db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.6e360000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.6e360000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.rundll32.exe.61db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.101db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000003.764183510.0000000004D80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.799249940.0000000001000000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1188824547.000000006E361000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000003.799320451.00000000048E0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000003.782470238.0000000000690000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1191678149.000000006E361000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.763243563.0000000000600000.00000040.00000010.sdmp, type: MEMORY
                      Detected Dridex e-Banking trojanShow sources
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3651A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,0_2_6E3651A7
                      Source: SecuriteInfo.com.Variant.Razy.980776.31954.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3767C80_2_6E3767C8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3802200_2_6E380220
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E38D6200_2_6E38D620
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E36CA100_2_6E36CA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E38FA100_2_6E38FA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E369E700_2_6E369E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E379E700_2_6E379E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37A6600_2_6E37A660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3876600_2_6E387660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E382E600_2_6E382E60
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3812400_2_6E381240
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E378AB00_2_6E378AB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3826B00_2_6E3826B0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E381EB00_2_6E381EB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37AE800_2_6E37AE80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E378EF00_2_6E378EF0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37B6F00_2_6E37B6F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3862F00_2_6E3862F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37F6E00_2_6E37F6E0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E366AD00_2_6E366AD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3796D00_2_6E3796D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E383EC00_2_6E383EC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E38FA100_2_6E38FA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3817300_2_6E381730
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E389B100_2_6E389B10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E383B000_2_6E383B00
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37BF500_2_6E37BF50
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37E3F00_2_6E37E3F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3783C00_2_6E3783C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E377FC00_2_6E377FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E387FC00_2_6E387FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37D0300_2_6E37D030
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3810200_2_6E381020
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E385CB00_2_6E385CB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37E0A00_2_6E37E0A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E384CA00_2_6E384CA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3850A00_2_6E3850A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E38DCA00_2_6E38DCA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E375CAC0_2_6E375CAC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E36ACD00_2_6E36ACD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37A0D00_2_6E37A0D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3798DA0_2_6E3798DA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3788C00_2_6E3788C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E378CC00_2_6E378CC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3615700_2_6E361570
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3775640_2_6E377564
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E36F9A00_2_6E36F9A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37C5900_2_6E37C590
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37D9800_2_6E37D980
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E38D1800_2_6E38D180
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3889F00_2_6E3889F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3871F00_2_6E3871F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E37FDD00_2_6E37FDD0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6E3AE2103_2_6E3AE210
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E3722A0 NtDelayExecution,0_2_6E3722A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E38BE30 NtClose,0_2_6E38BE30
                      Source: SecuriteInfo.com.Variant.Razy.980776.31954.dllReversingLabs: Detection: 27%
                      Source: SecuriteInfo.com.Variant.Razy.980776.31954.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll'
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll',#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,BluewingJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,EarthJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,MasterjustJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll',#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                      Source: classification engineClassification label: mal84.bank.troj.evad.winDLL@11/2@0/5
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.31954.dll,Bluewing
                      Source: SecuriteInfo.com.Variant.Razy.980776.31954.24049Joe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.e