Loading ...

Play interactive tourEdit tour

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.5008.1370

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.Razy.980776.5008.1370 (renamed file extension from 1370 to dll)
Analysis ID:510696
MD5:7f1dd5795783f0793caec052daae5b4e
SHA1:7ffda23921e29ba6ecd911cfe4ccaaba6b8832ca
SHA256:ef94fa9978503a9a126e4f15296c130e039e67636a55acb5b10778e09ee0d1d3
Tags:dll
Infos:

Most interesting Screenshot:

Detection

Dridex
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 7028 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 7064 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 7096 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 7084 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3096 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6168 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.1194868368.000000006E4C1000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
    00000003.00000003.766529856.0000000002F40000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
      00000002.00000003.765489662.0000000004670000.00000040.00000010.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
        00000004.00000003.779791327.0000000002D40000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
          00000000.00000003.790137281.0000000001120000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
            Click to see the 2 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.3.rundll32.exe.2f5db55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
              2.3.rundll32.exe.468db55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                0.3.loaddll32.exe.113db55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                  3.2.rundll32.exe.6e4c0000.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                    2.3.rundll32.exe.468db55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                      Click to see the 7 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 0.3.loaddll32.exe.113db55.0.raw.unpackMalware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllReversingLabs: Detection: 20%
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49760 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49772 version: TLS 1.2
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.1193920617.000000006E587000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1195365441.000000006E587000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.5008.dll
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4ECEF8 FindFirstFileExW,0_2_6E4ECEF8

                      Networking:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.77.0.96 235Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.56.219.47 180Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 192.46.210.220 187Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.140.214 40Jump to behavior
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorIPs: 192.46.210.220:443
                      Source: Malware configuration extractorIPs: 143.244.140.214:808
                      Source: Malware configuration extractorIPs: 45.77.0.96:6891
                      Source: Malware configuration extractorIPs: 185.56.219.47:8116
                      Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                      Source: Joe Sandbox ViewASN Name: KELIWEBIT KELIWEBIT
                      Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4853Connection: CloseCache-Control: no-cache
                      Source: Joe Sandbox ViewIP Address: 45.77.0.96 45.77.0.96
                      Source: Joe Sandbox ViewIP Address: 185.56.219.47 185.56.219.47
                      Source: global trafficTCP traffic: 192.168.2.4:49773 -> 143.244.140.214:808
                      Source: global trafficTCP traffic: 192.168.2.4:49789 -> 45.77.0.96:6891
                      Source: global trafficTCP traffic: 192.168.2.4:49791 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50217
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50219
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50178
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50211
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50211 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50219 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50227
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50226
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50186
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50187
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50107 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50193
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50195
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50227 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50115
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50170 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50138
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50193 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50187 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50201 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50226 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50155
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50217 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50162
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50163 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50203 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50209
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50163
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50115 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50201
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50203
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50170
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:06:59 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:07 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:07 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:11 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:18 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:38 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:07:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:24 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:28 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:24 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:59 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:03 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:03 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: rundll32.exe, 00000003.00000003.800119859.0000000005151000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.799281472.000000000514F000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?75268022b6a29
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214/
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214/c
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.855700484.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/
                      Source: loaddll32.exe, 00000000.00000003.816913953.000000000142C000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/%
                      Source: loaddll32.exe, 00000000.00000003.1178896990.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.904619445.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/0
                      Source: loaddll32.exe, 00000000.00000003.816913953.000000000142C000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/1
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/My
                      Source: loaddll32.exe, 00000000.00000003.920743516.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/P
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/S
                      Source: loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.860275635.000000000142A000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/em32
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.860275635.000000000142A000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/hy
                      Source: loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/l
                      Source: loaddll32.exe, 00000000.00000003.1063082745.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/ll
                      Source: loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/ll1
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.920743516.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1028569401.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/oft
                      Source: loaddll32.exe, 00000000.00000003.855700484.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/v
                      Source: loaddll32.exe, 00000000.00000003.855700484.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/w
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/
                      Source: loaddll32.exe, 00000000.00000003.811547591.000000000142C000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/F
                      Source: loaddll32.exe, 00000000.00000003.811547591.000000000142C000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/N
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/
                      Source: loaddll32.exe, 00000000.00000003.904619445.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/%
                      Source: loaddll32.exe, 00000000.00000003.837199003.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/&
                      Source: loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/0
                      Source: loaddll32.exe, 00000000.00000003.806428262.000000000142C000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/4.140.214:808/
                      Source: loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/853
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/C
                      Source: loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/D
                      Source: loaddll32.exe, 00000000.00000003.904619445.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/ES
                      Source: loaddll32.exe, 00000000.00000003.828785020.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/P
                      Source: loaddll32.exe, 00000000.00000003.953795452.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/Ps%
                      Source: loaddll32.exe, 00000000.00000003.995531404.0000000001428000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/oft
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1178896990.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/soft
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.970321561.0000000001429000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/#
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/$
                      Source: loaddll32.exe, 00000000.00000003.920743516.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/)
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/-
                      Source: loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmpString found in binary or memory: https://192.46.210.220/1
                      Source: loaddll32.exe, 00000000.00000003.937380465.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/5
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/9
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Certification
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/E
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/GlobalSign
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Google
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/L
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/N
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/O
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/W
                      Source: loaddll32.exe, 00000000.00000003.904619445.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dll
                      Source: loaddll32.exe, 00000000.00000003.828785020.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/aenh.dllz
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/coro8
                      Source: loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/i
                      Source: loaddll32.exe, 00000000.00000003.1012124189.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.1192983673.000000000142B000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/ography
                      Source: loaddll32.exe, 00000000.00000003.855700484.000000000142B000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/r
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1096183295.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.860275635.000000000142A000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/
                      Source: loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/.0.96:6891/
                      Source: rundll32.exe, 00000003.00000002.1192429006.000000000099C000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/1$
                      Source: loaddll32.exe, 00000000.00000003.860275635.000000000142A000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/C
                      Source: loaddll32.exe, 00000000.00000003.896445896.0000000001429000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.1045448367.000000000142B000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.953795452.0000000001429000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/graphy
                      Source: rundll32.exe, 00000003.00000002.1194600161.000000000514E000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/h.dlln
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4865Connection: CloseCache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4F39F9 InternetReadFile,0_2_6E4F39F9
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49760 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.4:49772 version: TLS 1.2

                      E-Banking Fraud:

                      barindex
                      Yara detected Dridex unpacked fileShow sources
                      Source: Yara matchFile source: 3.3.rundll32.exe.2f5db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.rundll32.exe.468db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.113db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.6e4c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.rundll32.exe.468db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.113db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.rundll32.exe.445db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.rundll32.exe.2d5db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.rundll32.exe.2f5db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.6e4c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.rundll32.exe.445db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.rundll32.exe.2d5db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.1194868368.000000006E4C1000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.766529856.0000000002F40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.765489662.0000000004670000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.779791327.0000000002D40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.790137281.0000000001120000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1193417410.000000006E4C1000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.787445513.0000000004440000.00000040.00000001.sdmp, type: MEMORY
                      Detected Dridex e-Banking trojanShow sources
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C51A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,0_2_6E4C51A7
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D67C80_2_6E4D67C8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E12400_2_6E4E1240
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DA6600_2_6E4DA660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E76600_2_6E4E7660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E2E600_2_6E4E2E60
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C9E700_2_6E4C9E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D9E700_2_6E4D9E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4CCA100_2_6E4CCA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4EFA100_2_6E4EFA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E02200_2_6E4E0220
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4ED6200_2_6E4ED620
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4EFA100_2_6E4EFA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E3EC00_2_6E4E3EC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C6AD00_2_6E4C6AD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D96D00_2_6E4D96D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DF6E00_2_6E4DF6E0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D8EF00_2_6E4D8EF0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DB6F00_2_6E4DB6F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E62F00_2_6E4E62F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DAE800_2_6E4DAE80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D8AB00_2_6E4D8AB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E26B00_2_6E4E26B0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E1EB00_2_6E4E1EB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DBF500_2_6E4DBF50
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D5B600_2_6E4D5B60
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4CAF7F0_2_6E4CAF7F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E3B000_2_6E4E3B00
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E9B100_2_6E4E9B10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E17300_2_6E4E1730
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D83C00_2_6E4D83C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D7FC00_2_6E4D7FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E7FC00_2_6E4E7FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DE3F00_2_6E4DE3F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C17840_2_6E4C1784
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E10200_2_6E4E1020
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DD0300_2_6E4DD030
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D88C00_2_6E4D88C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D8CC00_2_6E4D8CC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D98DA0_2_6E4D98DA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DA0D00_2_6E4DA0D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DE0A00_2_6E4DE0A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E4CA00_2_6E4E4CA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E50A00_2_6E4E50A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4EDCA00_2_6E4EDCA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E5CB00_2_6E4E5CB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D75640_2_6E4D7564
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DFDD00_2_6E4DFDD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E89F00_2_6E4E89F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4E71F00_2_6E4E71F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DD9800_2_6E4DD980
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4ED1800_2_6E4ED180
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4DC5900_2_6E4DC590
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4CF9A00_2_6E4CF9A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4D22A0 NtDelayExecution,0_2_6E4D22A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4EBE30 NtClose,0_2_6E4EBE30
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllReversingLabs: Detection: 20%
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll'
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,BluewingJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,EarthJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,MasterjustJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll',#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                      Source: classification engineClassification label: mal84.bank.troj.evad.winDLL@11/2@0/4
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.5008.dll,Bluewing
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.1370Joe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllStatic file information: File size 1375232 > 1048576
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Razy.980776.5008.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.1193920617.000000006E587000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.1195365441.000000006E587000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.5008.dll