Windows Analysis Report
0RWRPBSuDx.exe

Overview

General Information

Sample name: 0RWRPBSuDx.exe
renamed because original name is a hash value
Original sample name: d19197438a7371baaac62fec8dabb3d7.exe
Analysis ID: 1417492
MD5: d19197438a7371baaac62fec8dabb3d7
SHA1: 3252c13b0af9e6a71c11bf9ed37122b3d76064bd
SHA256: e2de4097b80b8480f28f08bc4fc238dca38dbdcb6bbb0c77a83e3753cb03dcf7
Tags: 32exe
Infos:

Detection

Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Socks5Systemz
C2 URLs / IPs found in malware configuration
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: 0RWRPBSuDx.exe Avira: detected
Antivirus detection for dropped file
Source: C:\ProgramData\WWAN_MobileFixup 2.33.197.66\WWAN_MobileFixup 2.33.197.66.exe Avira: detection malicious, Label: HEUR/AGEN.1324697
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Avira: detection malicious, Label: HEUR/AGEN.1324697
Found malware configuration
Source: codecpackupdate.exe.7084.3.memstrmin Malware Configuration Extractor: Socks5Systemz {"C2 list": ["bvuppwf.com"]}
Multi AV Scanner detection for domain / URL
Source: http://45.142.214.240/ Virustotal: Detection: 7% Perma Link
Multi AV Scanner detection for dropped file
Source: C:\ProgramData\WWAN_MobileFixup 2.33.197.66\WWAN_MobileFixup 2.33.197.66.exe Virustotal: Detection: 38% Perma Link
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Virustotal: Detection: 38% Perma Link
Multi AV Scanner detection for submitted file
Source: 0RWRPBSuDx.exe Virustotal: Detection: 9% Perma Link
Machine Learning detection for dropped file
Source: C:\ProgramData\WWAN_MobileFixup 2.33.197.66\WWAN_MobileFixup 2.33.197.66.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0045B4AC GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion, 1_2_0045B4AC
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0045B560 ArcFourCrypt, 1_2_0045B560
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0045B578 ArcFourCrypt, 1_2_0045B578
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_10001000 ISCryptGetVersion, 1_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_10001130 ArcFourCrypt, 1_2_10001130

Compliance
barindex
Detected unpacking (overwrites its own PE header)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Unpacked PE file: 2.2.codecpackupdate.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Unpacked PE file: 3.2.codecpackupdate.exe.400000.0.unpack
Uses 32bit PE files
Source: 0RWRPBSuDx.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0047A44C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_0047A44C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0047077C FindFirstFileA,FindNextFileA,FindClose, 1_2_0047077C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004513E4 FindFirstFileA,GetLastError, 1_2_004513E4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004601DC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_004601DC
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00478334 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_00478334
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00460658 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_00460658
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0045EC50 FindFirstFileA,FindNextFileA,FindClose, 1_2_0045EC50
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00491EBC FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 1_2_00491EBC
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows Jump to behavior

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49736 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49736 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49740 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49740 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49741 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49741 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49742 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49742 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49743 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49743 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49744 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49744 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49745 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49745 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49746 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49746 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49748 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49748 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49749 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49749 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49750 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49750 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49751 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49751 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49752 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49752 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49753 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49753 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49754 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49754 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49755 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49755 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49756 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49756 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49757 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49757 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49758 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49758 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49759 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49759 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49760 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49760 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49761 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49761 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49762 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49762 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49763 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49763 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49764 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49764 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49765 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49765 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49766 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49766 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49767 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49767 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49768 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49768 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49769 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49769 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49770 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49770 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49771 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49771 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49772 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49772 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49773 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49773 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49774 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49774 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49775 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49775 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49776 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49776 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49777 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49777 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49778 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49778 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49779 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49779 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49780 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49780 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49781 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49781 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49782 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49782 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49783 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49783 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49784 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49784 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49785 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49785 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49786 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49786 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49787 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49787 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49788 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49788 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49789 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49789 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49790 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49790 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49791 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49791 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49792 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49792 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49793 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49793 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49794 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49794 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49795 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49795 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49796 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49796 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49797 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49797 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49798 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49798 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49799 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49799 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49800 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49800 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49801 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49801 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49802 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49802 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49803 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49803 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49804 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49804 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49805 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49805 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49806 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49806 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49807 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49807 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49808 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49808 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49809 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49809 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49810 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49810 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49811 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49811 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49812 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49812 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49813 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49813 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49814 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49814 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49815 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49815 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49816 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49816 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49817 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49817 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49818 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49818 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49819 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49819 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49820 -> 45.142.214.240:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49820 -> 45.142.214.240:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: bvuppwf.com
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.4:49737 -> 88.80.148.19:2023
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 88.80.148.19 88.80.148.19
Source: Joe Sandbox View IP Address: 45.142.214.240 45.142.214.240
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: ALEXHOSTMD ALEXHOSTMD
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffe16c1ec909e3b HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown UDP traffic detected without corresponding DNS query: 91.211.247.248
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_009F72A7 Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_strtok,_swscanf,_strtok,_free,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,_sprintf,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_free, 3_2_009F72A7
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffe16c1ec909e3b HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 HTTP/1.1Host: bvuppwf.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: unknown DNS traffic detected: queries for: bvuppwf.com
Source: codecpackupdate.exe, 00000003.00000002.2868115063.00000000009C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/
Source: codecpackupdate.exe, 00000003.00000002.2868984267.000000000363E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/se0-
Source: codecpackupdate.exe, 00000003.00000002.2869004771.0000000003682000.00000004.00000020.00020000.00000000.sdmp, codecpackupdate.exe, 00000003.00000002.2868984267.000000000363E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=
Source: codecpackupdate.exe, 00000003.00000002.2869004771.0000000003682000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=67e28dd8
Source: codecpackupdate.exe, 00000003.00000002.2868984267.000000000363E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=67e28dd86d55f128
Source: codecpackupdate.exe, 00000003.00000002.2868984267.000000000363E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d784
Source: codecpackupdate.exe, 00000003.00000002.2868984267.000000000363E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c(
Source: codecpackupdate.exe, 00000003.00000002.2868984267.000000000363E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e9
Source: codecpackupdate.exe, 00000003.00000002.2869086684.0000000003786000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e99282
Source: codecpackupdate.exe, 00000003.00000002.2868115063.00000000009C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df
Source: codecpackupdate.exe, 00000003.00000002.2868984267.000000000363E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.142.214.240/search/?q=67e28dd86d55f128U-~
Source: is-K7UM1.tmp.1.dr String found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608178072.0000000002074000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000003.1608104571.0000000002300000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000002.2867895808.0000000002080000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612803679.0000000003100000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1615129214.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2867870941.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612892204.000000000211C000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2868089053.0000000002128000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://vovsoft.com
Source: 0RWRPBSuDx.tmp, 0RWRPBSuDx.tmp, 00000001.00000002.2867707898.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-MD4P1.tmp.1.dr, 0RWRPBSuDx.tmp.0.dr String found in binary or memory: http://www.innosetup.com/
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608178072.0000000002074000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000003.1608104571.0000000002300000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000002.2867895808.0000000002080000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1615129214.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612803679.0000000003100000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1615129214.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2867870941.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612892204.000000000211C000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2868089053.0000000002128000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.openssl.org).
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608850294.0000000002088000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000003.1608714441.0000000002300000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 0RWRPBSuDx.tmp, 00000001.00000002.2867707898.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-MD4P1.tmp.1.dr, 0RWRPBSuDx.tmp.0.dr String found in binary or memory: http://www.remobjects.com/ps
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608850294.0000000002088000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000003.1608714441.0000000002300000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2867707898.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-MD4P1.tmp.1.dr, 0RWRPBSuDx.tmp.0.dr String found in binary or memory: http://www.remobjects.com/psU
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608178072.0000000002074000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000003.1608104571.0000000002300000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000002.2867895808.0000000002080000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612803679.0000000003100000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1615129214.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2867870941.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612892204.000000000211C000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2868089053.0000000002128000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/contact/
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608178072.0000000002074000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000003.1608104571.0000000002300000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000002.2867895808.0000000002080000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612803679.0000000003100000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1615129214.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2867870941.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612892204.000000000211C000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2868089053.0000000002128000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/contact/.
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608178072.0000000002074000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000003.1608104571.0000000002300000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.exe, 00000000.00000002.2867895808.0000000002080000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612803679.0000000003100000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1615129214.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2867870941.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000003.1612892204.000000000211C000.00000004.00001000.00020000.00000000.sdmp, 0RWRPBSuDx.tmp, 00000001.00000002.2868089053.0000000002128000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/newsletter/
Contains functionality to call native functions
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0042ED54 NtdllDefWindowProc_A, 1_2_0042ED54
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00423AF4 NtdllDefWindowProc_A, 1_2_00423AF4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00412548 NtdllDefWindowProc_A, 1_2_00412548
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00455448 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A, 1_2_00455448
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00473A10 NtdllDefWindowProc_A, 1_2_00473A10
Contains functionality to communicate with device drivers
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0042E6DC: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError, 1_2_0042E6DC
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00453D4C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 1_2_00453D4C
Detected potential crypto function
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00408330 0_2_00408330
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0046C0D0 1_2_0046C0D0
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00434B5C 1_2_00434B5C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0047B0A3 1_2_0047B0A3
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004637D4 1_2_004637D4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00444304 1_2_00444304
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0045C4C4 1_2_0045C4C4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00430700 1_2_00430700
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004449FC 1_2_004449FC
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00480B58 1_2_00480B58
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00444E08 1_2_00444E08
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00459498 1_2_00459498
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0043D5E4 1_2_0043D5E4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00465824 1_2_00465824
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00481A30 1_2_00481A30
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00487BD4 1_2_00487BD4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0042FB90 1_2_0042FB90
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00443D5C 1_2_00443D5C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00433E58 1_2_00433E58
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 2_2_00401051 2_2_00401051
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 2_2_00401C26 2_2_00401C26
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00401051 3_2_00401051
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00401C26 3_2_00401C26
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A0E18D 3_2_00A0E18D
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A0DC99 3_2_00A0DC99
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A0AC3A 3_2_00A0AC3A
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A08442 3_2_00A08442
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A0E5A5 3_2_00A0E5A5
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A12DB4 3_2_00A12DB4
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A09E84 3_2_00A09E84
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A14E29 3_2_00A14E29
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_009FEFAD 3_2_009FEFAD
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A2BCEB 3_2_00A2BCEB
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A2BD58 3_2_00A2BD58
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Codec Pack Update\is-06H7C.tmp 8A7D2DA7685CEDB267BFA7F0AD3218AFA28F4ED2F1029EE920D66EB398F3476D
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00405964 appears 101 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00455DD4 appears 68 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00445668 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00455BC8 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00433D70 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 0040785C appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00451CC8 appears 88 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00408B74 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00403494 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00445938 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: String function: 00403684 appears 211 times
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: String function: 00A15330 appears 138 times
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: String function: 00A08AE0 appears 37 times
PE file contains executable resources (Code or Archives)
Source: 0RWRPBSuDx.exe Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 0RWRPBSuDx.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: 0RWRPBSuDx.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: 0RWRPBSuDx.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: 0RWRPBSuDx.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: 0RWRPBSuDx.tmp.0.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-MD4P1.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-MD4P1.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-MD4P1.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-MD4P1.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-MD4P1.tmp.1.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
PE file contains more sections than normal
Source: is-K7UM1.tmp.1.dr Static PE information: Number of sections : 11 > 10
Sample file is different than original file name gathered from version info
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608850294.0000000002088000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs 0RWRPBSuDx.exe
Source: 0RWRPBSuDx.exe, 00000000.00000003.1608714441.0000000002300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs 0RWRPBSuDx.exe
Tries to load missing DLLs
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Section loaded: netutils.dll Jump to behavior
Uses 32bit PE files
Source: 0RWRPBSuDx.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: codecpackupdate.exe.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _RegDLL.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: WWAN_MobileFixup 2.33.197.66.exe.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.troj.evad.winEXE@7/26@1/2
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A008B8 FormatMessageA,GetLastError, 3_2_00A008B8
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00453D4C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 1_2_00453D4C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00454574 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA, 1_2_00454574
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: CreateServiceA,CloseServiceHandle, 2_2_00402572
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: CreateServiceA,CloseServiceHandle, 3_2_00402572
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00409AD0 FindResourceA,SizeofResource,LoadResource,LockResource, 0_2_00409AD0
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 2_2_00402345 StartServiceCtrlDispatcherA, 2_2_00402345
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 2_2_00402345 StartServiceCtrlDispatcherA, 2_2_00402345
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00402345 StartServiceCtrlDispatcherA, 3_2_00402345
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update Jump to behavior
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe File created: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: 0RWRPBSuDx.exe Virustotal: Detection: 9%
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe File read: C:\Users\user\Desktop\0RWRPBSuDx.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\0RWRPBSuDx.exe "C:\Users\user\Desktop\0RWRPBSuDx.exe"
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Process created: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp "C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp" /SL5="$20420,1594531,54272,C:\Users\user\Desktop\0RWRPBSuDx.exe"
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process created: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe "C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe" -i
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process created: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe "C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe" -s
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Process created: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp "C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp" /SL5="$20420,1594531,54272,C:\Users\user\Desktop\0RWRPBSuDx.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process created: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe "C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe" -i Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process created: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe "C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe" -s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Window found: window name: TMainForm Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 0RWRPBSuDx.exe Static file information: File size 1954271 > 1048576

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Unpacked PE file: 2.2.codecpackupdate.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;_char3_:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Unpacked PE file: 3.2.codecpackupdate.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;_char3_:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
Detected unpacking (overwrites its own PE header)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Unpacked PE file: 2.2.codecpackupdate.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Unpacked PE file: 3.2.codecpackupdate.exe.400000.0.unpack
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00447DC0 LoadLibraryExA,LoadLibraryA,GetProcAddress, 1_2_00447DC0
PE file contains sections with non-standard names
Source: codecpackupdate.exe.1.dr Static PE information: section name: _char3_
Source: is-K7UM1.tmp.1.dr Static PE information: section name: /4
Source: is-K5GCJ.tmp.1.dr Static PE information: section name: /4
Source: is-MU2B9.tmp.1.dr Static PE information: section name: /4
Source: is-IQC7T.tmp.1.dr Static PE information: section name: /4
Source: is-7NJT9.tmp.1.dr Static PE information: section name: /4
Source: is-06H7C.tmp.1.dr Static PE information: section name: /4
Source: WWAN_MobileFixup 2.33.197.66.exe.2.dr Static PE information: section name: _char3_
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00406518 push 00406555h; ret 0_2_0040654D
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00408028 push ecx; mov dword ptr [esp], eax 0_2_0040802D
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_0040C218 push eax; ret 0_2_0040C219
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00408E5C push 00408E8Fh; ret 0_2_00408E87
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004098B4 push 004098F1h; ret 1_2_004098E9
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0047E194 push 0047E272h; ret 1_2_0047E26A
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0045C1BC push ecx; mov dword ptr [esp], eax 1_2_0045C1C1
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax 1_2_004062CD
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00410640 push ecx; mov dword ptr [esp], edx 1_2_00410645
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0040A6C8 push esp; retf 1_2_0040A6D1
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00430700 push ecx; mov dword ptr [esp], eax 1_2_00430705
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00412898 push 004128FBh; ret 1_2_004128F3
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00442CD4 push ecx; mov dword ptr [esp], ecx 1_2_00442CD8
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00450C80 push 00450CB3h; ret 1_2_00450CAB
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00472D24 push ecx; mov dword ptr [esp], edx 1_2_00472D25
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0040CF98 push ecx; mov dword ptr [esp], edx 1_2_0040CF9A
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0040546D push eax; ret 1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0040F4F8 push ecx; mov dword ptr [esp], edx 1_2_0040F4FA
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0040553D push 00405749h; ret 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004055BE push 00405749h; ret 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0040563B push 00405749h; ret 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004576DC push 00457720h; ret 1_2_00457718
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004056A0 push 00405749h; ret 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0047F7E8 push ecx; mov dword ptr [esp], ecx 1_2_0047F7ED
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00419B98 push ecx; mov dword ptr [esp], ecx 1_2_00419B9D
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00455E70 push 00455EA8h; ret 1_2_00455EA0
Source: codecpackupdate.exe.1.dr Static PE information: section name: .text entropy: 7.659657621272276
Source: WWAN_MobileFixup 2.33.197.66.exe.2.dr Static PE information: section name: .text entropy: 7.659657621272276

Persistence and Installation Behavior
barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 2_2_00401A4F
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_00401A4F
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_009FF7D6
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\libbz2-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\is-IQC7T.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\libvorbis-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\is-K7UM1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\is-K5GCJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe File created: C:\ProgramData\WWAN_MobileFixup 2.33.197.66\WWAN_MobileFixup 2.33.197.66.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\libogg-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\is-MD4P1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_RegDLL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_iscrypt.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\libgcc_s_dw2-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\libwinpthread-1.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe File created: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\is-MU2B9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\is-7NJT9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\is-06H7C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File created: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Jump to dropped file
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe File created: C:\ProgramData\WWAN_MobileFixup 2.33.197.66\WWAN_MobileFixup 2.33.197.66.exe Jump to dropped file

Boot Survival
barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 2_2_00401A4F
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_00401A4F
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_009FF7D6
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 2_2_00402345 StartServiceCtrlDispatcherA, 2_2_00402345
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0042414C IsIconic,SetActiveWindow,SetFocus, 1_2_0042414C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00424104 IsIconic,SetActiveWindow, 1_2_00424104
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004182F4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 1_2_004182F4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004227CC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 1_2_004227CC
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00417508 IsIconic,GetCapture, 1_2_00417508
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0047DB50 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 1_2_0047DB50
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00417C40 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 1_2_00417C40
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00417C3E IsIconic,SetWindowPos, 1_2_00417C3E
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0044AEEC LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_0044AEEC
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Contains functionality to query network adapater information
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 2_2_00401B4B
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_00401B4B
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_009FF8DA
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Window / User API: threadDelayed 9701 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\libbz2-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\is-IQC7T.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\libvorbis-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\is-K7UM1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\is-K5GCJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\libogg-0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\is-MD4P1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_RegDLL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_iscrypt.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\libgcc_s_dw2-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\libwinpthread-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\is-MU2B9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\is-7NJT9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Codec Pack Update\is-06H7C.tmp Jump to dropped file
Found evasive API chain (date check)
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Evasive API call chain: GetSystemTime,DecisionNodes
Found evasive API chain (may stop execution after checking a module file name)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe TID: 7148 Thread sleep count: 120 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe TID: 7148 Thread sleep time: -240000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe TID: 2044 Thread sleep count: 89 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe TID: 2044 Thread sleep time: -5340000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe TID: 7148 Thread sleep count: 9701 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe TID: 7148 Thread sleep time: -19402000s >= -30000s Jump to behavior
Queries disk information (often used to detect virtual machines)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe File opened: PhysicalDrive0 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0047A44C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_0047A44C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0047077C FindFirstFileA,FindNextFileA,FindClose, 1_2_0047077C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004513E4 FindFirstFileA,GetLastError, 1_2_004513E4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004601DC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_004601DC
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00478334 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_00478334
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00460658 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_00460658
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0045EC50 FindFirstFileA,FindNextFileA,FindClose, 1_2_0045EC50
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00491EBC FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 1_2_00491EBC
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00409A14 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_00409A14
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Thread delayed: delay time: 60000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows Jump to behavior
Source: 0RWRPBSuDx.tmp, 00000001.00000002.2867870941.0000000000689000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: codecpackupdate.exe, 00000003.00000002.2868115063.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, codecpackupdate.exe, 00000003.00000002.2868115063.00000000009E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe API call chain: ExitProcess graph end node

Anti Debugging
barindex
Found API chain indicative of debugger detection
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A100FE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, 3_2_00A100FE
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A100FE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, 3_2_00A100FE
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00447DC0 LoadLibraryExA,LoadLibraryA,GetProcAddress, 1_2_00447DC0
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_009F6487 RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection, 3_2_009F6487
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A09468 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00A09468
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004734AC ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle, 1_2_004734AC
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_0045AEE4 GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,GetLastError,LocalFree, 1_2_0045AEE4
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe Code function: 3_2_00A07FAD cpuid 3_2_00A07FAD
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: GetLocaleInfoA, 0_2_0040515C
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: GetLocaleInfoA, 0_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: GetLocaleInfoA, 1_2_004084D0
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: GetLocaleInfoA, 1_2_0040851C
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_004569D4 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle, 1_2_004569D4
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_004026C4 GetSystemTime, 0_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp Code function: 1_2_00453D04 GetUserNameA, 1_2_00453D04
Source: C:\Users\user\Desktop\0RWRPBSuDx.exe Code function: 0_2_00405C44 GetVersionExA, 0_2_00405C44

Stealing of Sensitive Information
barindex
Yara detected Socks5Systemz
Source: Yara match File source: 00000003.00000002.2868320795.00000000009F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2867940792.0000000000731000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: codecpackupdate.exe PID: 7084, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Socks5Systemz
Source: Yara match File source: 00000003.00000002.2868320795.00000000009F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2867940792.0000000000731000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: codecpackupdate.exe PID: 7084, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1417492 Sample: 0RWRPBSuDx.exe Startdate: 29/03/2024 Architecture: WINDOWS Score: 100 32 bvuppwf.com 2->32 38 Snort IDS alert for network traffic 2->38 40 Multi AV Scanner detection for domain / URL 2->40 42 Found malware configuration 2->42 44 11 other signatures 2->44 8 0RWRPBSuDx.exe 2 2->8         started        signatures3 process4 file5 22 C:\Users\user\AppData\...\0RWRPBSuDx.tmp, PE32 8->22 dropped 11 0RWRPBSuDx.tmp 14 17 8->11         started        process6 file7 24 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 11->24 dropped 26 C:\Users\user\AppData\Local\...\_iscrypt.dll, PE32 11->26 dropped 28 C:\Users\user\AppData\Local\...\_RegDLL.tmp, PE32 11->28 dropped 30 15 other files (14 malicious) 11->30 dropped 14 codecpackupdate.exe 1 17 11->14         started        17 codecpackupdate.exe 1 2 11->17         started        process8 dnsIp9 34 bvuppwf.com 45.142.214.240, 49736, 49740, 49741 ALEXHOSTMD Russian Federation 14->34 36 88.80.148.19, 2023, 49737, 49739 BELCLOUDBG Bulgaria 14->36 20 C:\...\WWAN_MobileFixup 2.33.197.66.exe, PE32 17->20 dropped file10
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
88.80.148.19
 unknown Bulgaria
44901 BELCLOUDBG false
45.142.214.240
 bvuppwf.com Russian Federation
200019 ALEXHOSTMD true

Contacted Domains

Name IP Active
bvuppwf.com 45.142.214.240 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
bvuppwf.com true
  • Avira URL Cloud: safe
 unknown
http://bvuppwf.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffe16c1ec909e3b true
  • Avira URL Cloud: safe
 unknown
http://bvuppwf.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216 true
  • Avira URL Cloud: safe
 unknown