Loading ...

Play interactive tourEdit tour

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.23616.12095

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.Razy.980776.23616.12095 (renamed file extension from 12095 to dll)
Analysis ID:510697
MD5:50b17cce4a58067e69bf19e006320ec4
SHA1:26275bcc652ed3498cf73c771169c3e367fde96c
SHA256:8a9bb370f658f04ebd313ba3d074e3fe63230f5eb8709ecbb6b92933f35559bd
Tags:dll
Infos:

Most interesting Screenshot:

Detection

Dridex
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Detected Dridex e-Banking trojan
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Queries the installation date of Windows
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6440 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6464 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6508 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6484 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6560 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6576 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000003.447081469.0000000000DB0000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
    00000003.00000002.871199283.000000006EF91000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
      00000002.00000003.446543317.00000000006B0000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
        00000005.00000003.459341786.00000000033F0000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
          00000000.00000003.475297637.0000000000EE0000.00000040.00000001.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
            Click to see the 2 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            6.3.rundll32.exe.dadb55.0.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
              5.3.rundll32.exe.340db55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                2.3.rundll32.exe.6cdb55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                  6.3.rundll32.exe.dadb55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                    3.3.rundll32.exe.dcdb55.0.raw.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security
                      Click to see the 7 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 6.3.rundll32.exe.dadb55.0.raw.unpackMalware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllReversingLabs: Detection: 40%
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49755 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49756 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49998 version: TLS 1.2
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.870351399.000000006F057000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.873021020.000000006F057000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.23616.dll
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFBCEF8 FindFirstFileExW,0_2_6EFBCEF8

                      Networking:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.77.0.96 235Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.56.219.47 180Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 192.46.210.220 187Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.140.214 40Jump to behavior
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorIPs: 192.46.210.220:443
                      Source: Malware configuration extractorIPs: 143.244.140.214:808
                      Source: Malware configuration extractorIPs: 45.77.0.96:6891
                      Source: Malware configuration extractorIPs: 185.56.219.47:8116
                      Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                      Source: Joe Sandbox ViewASN Name: KELIWEBIT KELIWEBIT
                      Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4850Connection: CloseCache-Control: no-cache
                      Source: Joe Sandbox ViewIP Address: 45.77.0.96 45.77.0.96
                      Source: Joe Sandbox ViewIP Address: 185.56.219.47 185.56.219.47
                      Source: global trafficTCP traffic: 192.168.2.6:49757 -> 143.244.140.214:808
                      Source: global trafficTCP traffic: 192.168.2.6:49760 -> 45.77.0.96:6891
                      Source: global trafficTCP traffic: 192.168.2.6:49762 -> 185.56.219.47:8116
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50180
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50181
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50188
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50189
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50107 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50115
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50164 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50133
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50148
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50157
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50156
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50164
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50115 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50165
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50188 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50157 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50172
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:08:59 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:03 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:07 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:11 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:41 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:53 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:09:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:38 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:46 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:50 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:54 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:10:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:02 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:06 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:25 GMTContent-Type: text/plain; charset=utf-8Connection: close
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 143.244.140.214
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.56.219.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.77.0.96
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: rundll32.exe, 00000003.00000003.489992121.0000000003004000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                      Source: rundll32.exe, 00000003.00000002.870011136.0000000002F9A000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: rundll32.exe, 00000003.00000002.870011136.0000000002F9A000.00000004.00000020.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: rundll32.exe, 00000003.00000003.487626211.000000000508E000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.870011136.0000000002F9A000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2e85d5c03e218
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214/
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/
                      Source: rundll32.exe, 00000003.00000003.542599295.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/My
                      Source: rundll32.exe, 00000003.00000003.834897393.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/h
                      Source: rundll32.exe, 00000003.00000002.870083390.0000000003004000.00000004.00000020.sdmpString found in binary or memory: https://143.244.140.214:808/hy
                      Source: rundll32.exe, 00000003.00000003.818278271.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/j
                      Source: rundll32.exe, 00000003.00000003.818278271.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/l
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/l1
                      Source: rundll32.exe, 00000003.00000003.690035042.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/ll
                      Source: rundll32.exe, 00000003.00000003.619902609.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/ll1
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/lm
                      Source: rundll32.exe, 00000003.00000003.717236230.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://143.244.140.214:808/oft
                      Source: rundll32.exe, 00000003.00000003.556993945.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://182.46.210.220/
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47/
                      Source: rundll32.exe, 00000003.00000003.542599295.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/
                      Source: rundll32.exe, 00000003.00000002.870135617.0000000003071000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/b
                      Source: rundll32.exe, 00000003.00000003.628258081.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://185.56.219.47:8116/soft
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.681709088.0000000003004000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.505214058.0000000005090000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/
                      Source: rundll32.exe, 00000003.00000003.681709088.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/(
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/1-
                      Source: rundll32.exe, 00000003.00000002.870117440.0000000003068000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/563209-4053062332-1002?
                      Source: rundll32.exe, 00000003.00000003.582189208.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/7.0.96:6891/Microsoft
                      Source: rundll32.exe, 00000003.00000003.784548798.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/9-
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/:
                      Source: rundll32.exe, 00000003.00000003.603018518.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/=-
                      Source: rundll32.exe, 00000003.00000002.870117440.0000000003068000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/Certification
                      Source: rundll32.exe, 00000003.00000002.870117440.0000000003068000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/GlobalSign
                      Source: rundll32.exe, 00000003.00000003.681709088.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/I
                      Source: rundll32.exe, 00000003.00000003.818278271.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/gz
                      Source: rundll32.exe, 00000003.00000003.801279123.0000000003004000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.870117440.0000000003068000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/i
                      Source: rundll32.exe, 00000003.00000003.565314349.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/ography
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://192.46.210.220/p
                      Source: rundll32.exe, 00000003.00000003.522212080.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96/
                      Source: rundll32.exe, 00000003.00000003.565314349.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/
                      Source: rundll32.exe, 00000003.00000003.557024904.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/7C
                      Source: rundll32.exe, 00000003.00000003.557024904.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/9C
                      Source: rundll32.exe, 00000003.00000003.582189208.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/IC
                      Source: rundll32.exe, 00000003.00000003.565314349.000000000508F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.582189208.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/Microsoft
                      Source: rundll32.exe, 00000003.00000002.870135617.0000000003071000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/R
                      Source: rundll32.exe, 00000003.00000003.542639549.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/_B
                      Source: rundll32.exe, 00000003.00000003.565314349.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/aB
                      Source: rundll32.exe, 00000003.00000003.565314349.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/dC
                      Source: rundll32.exe, 00000003.00000003.725673411.0000000005090000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.870520545.000000000508C000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/graphy
                      Source: rundll32.exe, 00000003.00000002.870117440.0000000003068000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/h.dll
                      Source: rundll32.exe, 00000003.00000003.671006878.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/mC
                      Source: rundll32.exe, 00000003.00000002.870117440.0000000003068000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/r
                      Source: rundll32.exe, 00000003.00000003.542639549.000000000508F000.00000004.00000001.sdmpString found in binary or memory: https://45.77.0.96:6891/vB
                      Source: rundll32.exe, 00000003.00000003.565283775.0000000003004000.00000004.00000001.sdmpString found in binary or memory: https://45192.46.210.220/
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4862Connection: CloseCache-Control: no-cache
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFC39F9 InternetReadFile,0_2_6EFC39F9
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49755 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49756 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.6:49998 version: TLS 1.2

                      E-Banking Fraud:

                      barindex
                      Yara detected Dridex unpacked fileShow sources
                      Source: Yara matchFile source: 6.3.rundll32.exe.dadb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.rundll32.exe.340db55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.rundll32.exe.6cdb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.3.rundll32.exe.dadb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.rundll32.exe.dcdb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.6ef90000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.rundll32.exe.340db55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.efdb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.3.rundll32.exe.6cdb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.rundll32.exe.dcdb55.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.loaddll32.exe.efdb55.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.6ef90000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000003.447081469.0000000000DB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.871199283.000000006EF91000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.446543317.00000000006B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.459341786.00000000033F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.475297637.0000000000EE0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000003.474966326.0000000000D90000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.870130062.000000006EF91000.00000020.00020000.sdmp, type: MEMORY
                      Detected Dridex e-Banking trojanShow sources
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EF951A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,0_2_6EF951A7
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA67C80_2_6EFA67C8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA8EF00_2_6EFA8EF0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAB6F00_2_6EFAB6F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB62F00_2_6EFB62F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAF6E00_2_6EFAF6E0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EF96AD00_2_6EF96AD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA96D00_2_6EFA96D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB3EC00_2_6EFB3EC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFBFA100_2_6EFBFA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA8AB00_2_6EFA8AB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB26B00_2_6EFB26B0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB1EB00_2_6EFB1EB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAAE800_2_6EFAAE80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EF99E700_2_6EF99E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA9E700_2_6EFA9E70
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB76600_2_6EFB7660
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB2E600_2_6EFB2E60
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB12400_2_6EFB1240
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB02200_2_6EFB0220
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFBD6200_2_6EFBD620
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EF9CA100_2_6EF9CA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFBFA100_2_6EFBFA10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAE3F00_2_6EFAE3F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA83C00_2_6EFA83C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA7FC00_2_6EFA7FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB7FC00_2_6EFB7FC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFABF500_2_6EFABF50
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB17300_2_6EFB1730
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB9B100_2_6EFB9B10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB3B000_2_6EFB3B00
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA98DA0_2_6EFA98DA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EF9ACD00_2_6EF9ACD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAA0D00_2_6EFAA0D0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA88C00_2_6EFA88C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA8CC00_2_6EFA8CC0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB5CB00_2_6EFB5CB0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA5CAC0_2_6EFA5CAC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAE0A00_2_6EFAE0A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB4CA00_2_6EFB4CA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB50A00_2_6EFB50A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFBDCA00_2_6EFBDCA0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAD0300_2_6EFAD030
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB10200_2_6EFB1020
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB89F00_2_6EFB89F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFB71F00_2_6EFB71F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAFDD00_2_6EFAFDD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EF9F9A00_2_6EF9F9A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAC5900_2_6EFAC590
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFAD9800_2_6EFAD980
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFBD1800_2_6EFBD180
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EF915700_2_6EF91570
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA75640_2_6EFA7564
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6EFDE2103_2_6EFDE210
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFA22A0 NtDelayExecution,0_2_6EFA22A0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6EFBBE30 NtClose,0_2_6EFBBE30
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllReversingLabs: Detection: 40%
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll'
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,Bluewing
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,Earth
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,Masterjust
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll',#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,BluewingJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,EarthJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,MasterjustJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll',#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                      Source: classification engineClassification label: mal84.bank.troj.evad.winDLL@11/2@0/5
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.23616.dll,Bluewing
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.12095Joe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllStatic file information: File size 1375232 > 1048576
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Razy.980776.23616.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.870351399.000000006F057000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.873021020.000000006F057000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.23616.dll
                      Source: C:\Windows\System32\loaddll32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior