Windows Analysis Report
Y3hoUa55dT.exe

Overview

General Information

Sample name: Y3hoUa55dT.exe (renamed because original name is a hash value)
Original sample name: f1d29fddb47e42d7dbf2cf42ba36cc72.exe
Analysis ID: 1428422
MD5: f1d29fddb47e42d7dbf2cf42ba36cc72
SHA1: 95be0248f53891aa5abecc498af5c3c98b532ba6
SHA256: a50431ef857f65eb57d4418d917b25307371dd2612c045c0d34f78cea631996c
Tags: 32, exe, Socks5Systemz

Detection

Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Socks5Systemz
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Avira: detection malicious, Label: HEUR/AGEN.1314993
Source: C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe Avira: detection malicious, Label: HEUR/AGEN.1314993
Source: Y3hoUa55dT.exe ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Joe Sandbox ML: detected
Source: C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00459B7C 6CAA6DE0,6CAA6DE0,6CAA6DE0,ISCryptGetVersion, 1_2_00459B7C
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00459C48 ArcFourCrypt, 1_2_00459C48
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00459C30 ArcFourCrypt, 1_2_00459C30
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_10001000 ISCryptGetVersion, 1_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_10001130 ArcFourCrypt, 1_2_10001130

Compliance

Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Unpacked PE file: 3.2.cddvdrunner2333.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Unpacked PE file: 4.2.cddvdrunner2333.exe.400000.0.unpack
Source: Y3hoUa55dT.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Binary string: F:\Temp\openssl-1.1.1t\libssl-1_1.pdb source: is-L64E0.tmp.1.dr
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00450B28 FindFirstFileA,GetLastError, 1_2_00450B28
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0046CB9C FindFirstFileA,FindNextFileA,FindClose, 1_2_0046CB9C
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0047502C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_0047502C
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0045E128 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045E128
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0045CC88 FindFirstFileA,FindNextFileA,FindClose, 1_2_0045CC88
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004732B0 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_004732B0
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0048B6CC FindFirstFileA,6CAA82A0,FindNextFileA,FindClose, 1_2_0048B6CC
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0045DD94 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045DD94
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData

Networking

Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.5:49712 -> 45.88.90.160:80
Source: global traffic TCP traffic: 192.168.2.5:49715 -> 89.105.201.183:2023
Source: Joe Sandbox View IP Address: 45.88.90.160
Source: Joe Sandbox View IP Address: 89.105.201.183
Source: Joe Sandbox View ASN Name: LVLT-10753US
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4fe8889b5e4fa9281ae978f371ea771795af8e05c644db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffc15c7ec939e32 HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: unknown TCP traffic detected without corresponding DNS query: 89.105.201.183
Source: unknown UDP traffic detected without corresponding DNS query: 141.98.234.31
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 4_2_02B472A7 Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,_memset,_memset,InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,_memset,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_memset,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,RtlEnterCriticalSection,RtlLeaveCriticalSection,_memset,_memset,_memset,_memset,_memset,_malloc,_memset,_strtok,_swscanf,_strtok,_free,Sleep,_memset,RtlEnterCriticalSection,RtlLeaveCriticalSection,_sprintf,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_memset,_free, 4_2_02B472A7
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4fe8889b5e4fa9281ae978f371ea771795af8e05c644db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffc15c7ec939e32 HTTP/1.1 Host: bnkbuqg.com User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f HTTP/1.1Host: bnkbuqg.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: unknown DNS traffic detected: queries for: bnkbuqg.com
Source: cddvdrunner2333.exe, 00000004.00000002.3365188100.0000000000A81000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.88.90.160/
Source: cddvdrunner2333.exe, 00000004.00000002.3365188100.0000000000A81000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.88.90.160/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644
Source: cddvdrunner2333.exe, 00000004.00000002.3365188100.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.88.90.160/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: is-L64E0.tmp.1.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://ocsp.thawte.com0
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://s.symcd.com06
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://subca.ocsp-certum.com01
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Y3hoUa55dT.exe, 00000000.00000002.3364956873.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Y3hoUa55dT.exe, 00000000.00000003.2107545241.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Y3hoUa55dT.exe, 00000000.00000003.2107642084.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000003.2112178028.0000000003170000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000003.2112265980.0000000002308000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000002.3364921786.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000002.3365357439.0000000002314000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://vovsoft.com
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://www.certum.pl/CPS0
Source: Y3hoUa55dT.exe String found in binary or memory: http://www.innosetup.com
Source: is-LN43L.tmp, is-LN43L.tmp, 00000001.00000002.3364545566.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-LN43L.tmp.0.dr, is-3DMAJ.tmp.1.dr String found in binary or memory: http://www.innosetup.com/
Source: is-LN43L.tmp, 00000001.00000002.3364921786.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000002.3365357439.0000000002314000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.openssl.org).
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: http://www.openssl.org/f
Source: is-RDQCU.tmp.1.dr String found in binary or memory: http://www.openssl.org/support/faq.html
Source: Y3hoUa55dT.exe, 00000000.00000003.2107942392.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Y3hoUa55dT.exe, 00000000.00000003.2108144240.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, is-LN43L.tmp, 00000001.00000002.3364545566.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-LN43L.tmp.0.dr, is-3DMAJ.tmp.1.dr String found in binary or memory: http://www.remobjects.com/?ps
Source: Y3hoUa55dT.exe, 00000000.00000003.2107942392.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Y3hoUa55dT.exe, 00000000.00000003.2108144240.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000002.3364545566.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-LN43L.tmp.0.dr, is-3DMAJ.tmp.1.dr String found in binary or memory: http://www.remobjects.com/?psU
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: https://d.symcb.com/rpa0.
Source: is-L64E0.tmp.1.dr String found in binary or memory: https://sectigo.com/CPS0
Source: Y3hoUa55dT.exe, 00000000.00000002.3364956873.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Y3hoUa55dT.exe, 00000000.00000003.2107545241.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Y3hoUa55dT.exe, 00000000.00000003.2107642084.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000003.2112178028.0000000003170000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000003.2112265980.0000000002308000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000002.3364921786.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000002.3365357439.0000000002314000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/contact/
Source: is-LN43L.tmp, 00000001.00000002.3365357439.0000000002314000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/contact/.
Source: Y3hoUa55dT.exe, 00000000.00000002.3364956873.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Y3hoUa55dT.exe, 00000000.00000003.2107545241.0000000002320000.00000004.00001000.00020000.00000000.sdmp, Y3hoUa55dT.exe, 00000000.00000003.2107642084.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000003.2112178028.0000000003170000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000003.2112265980.0000000002308000.00000004.00001000.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000002.3364921786.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, is-LN43L.tmp, 00000001.00000002.3365357439.0000000002314000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/newsletter/
Source: is-RDQCU.tmp.1.dr, is-0BU0T.tmp.1.dr String found in binary or memory: https://www.certum.pl/CPS0
Source: is-L64E0.tmp.1.dr String found in binary or memory: https://www.openssl.org/H
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00423AFC NtdllDefWindowProc_A, 1_2_00423AFC
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00412550 NtdllDefWindowProc_A, 1_2_00412550
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00454938 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A, 1_2_00454938
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 3_2_00401A4F: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, 3_2_00401A4F
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\CD-DVD-Runner\is-0BU0T.tmp B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\CD-DVD-Runner\is-L64E0.tmp 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00403418 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00405974 appears 92 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00454F88 appears 92 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 004034AC appears 81 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00406A10 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00445418 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00408B90 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00407878 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 004338B8 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00455178 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 0040369C appears 194 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00451394 appears 63 times
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: String function: 00445148 appears 43 times
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: String function: 02B58AE0 appears 37 times
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: String function: 02B65330 appears 139 times
Source: is-LN43L.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-LN43L.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-LN43L.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-LN43L.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-3DMAJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-3DMAJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-3DMAJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-3DMAJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: Y3hoUa55dT.exe, 00000000.00000003.2107942392.0000000002320000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs Y3hoUa55dT.exe
Source: Y3hoUa55dT.exe, 00000000.00000003.2107942392.0000000002320000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename6 vs Y3hoUa55dT.exe
Source: Y3hoUa55dT.exe, 00000000.00000003.2108144240.00000000020B8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs Y3hoUa55dT.exe
Source: Y3hoUa55dT.exe, 00000000.00000003.2108144240.00000000020B8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename6 vs Y3hoUa55dT.exe
Source: Y3hoUa55dT.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: cddvdrunner2333.exe.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _RegDLL.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _setup64.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ImageGuide 3.1.33.67.exe.3.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.troj.evad.winEXE@7/27@1/2
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 4_2_02B508B8 FormatMessageA,GetLastError, 4_2_02B508B8
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_004090EC AdjustTokenPrivileges,GetLastError,6CD740E0, 0_2_004090EC
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00409120 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,6CD740E0, 0_2_00409120
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00453394 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,6CD740E0, 1_2_00453394
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00453BC4 GetModuleHandleA,6CAA6DE0,GetDiskFreeSpaceA, 1_2_00453BC4
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CreateServiceA,CloseServiceHandle, 3_2_0040B519
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CreateServiceA,CloseServiceHandle, 4_2_0040B519
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00409868 FindResourceA,SizeofResource,LoadResource,LockResource, 0_2_00409868
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 3_2_004022B5 StartServiceCtrlDispatcherA, 3_2_004022B5
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 3_2_0040230A StartServiceCtrlDispatcherA, 3_2_0040230A
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 4_2_004022B5 StartServiceCtrlDispatcherA, 4_2_004022B5
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 4_2_0040230A StartServiceCtrlDispatcherA, 4_2_0040230A
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe File created: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Y3hoUa55dT.exe ReversingLabs: Detection: 28%
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe File read: C:\Users\user\Desktop\Y3hoUa55dT.exe
Source: unknown Process created: C:\Users\user\Desktop\Y3hoUa55dT.exe "C:\Users\user\Desktop\Y3hoUa55dT.exe"
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Process created: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp "C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp" /SL4 $2042C "C:\Users\user\Desktop\Y3hoUa55dT.exe" 3710753 52224
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Process created: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe "C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe" -i
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Process created: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe "C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe" -s
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Window found: window name: TMainForm
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Y3hoUa55dT.exe Static file information: File size 4066205 > 1048576
Source: Binary string: F:\Temp\openssl-1.1.1t\libssl-1_1.pdb source: is-L64E0.tmp.1.dr

Data Obfuscation

Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Unpacked PE file: 3.2.cddvdrunner2333.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.rview4:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Unpacked PE file: 4.2.cddvdrunner2333.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.rview4:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Unpacked PE file: 3.2.cddvdrunner2333.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Unpacked PE file: 4.2.cddvdrunner2333.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 3_2_00401B4B LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_00401B4B
Source: cddvdrunner2333.exe.1.dr Static PE information: section name: .rview4
Source: ImageGuide 3.1.33.67.exe.3.dr Static PE information: section name: .rview4
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00406518 push 00406555h; ret 0_2_0040654D
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00408BF0 push 00408C23h; ret 0_2_00408C1B
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00407F50 push ecx; mov dword ptr [esp], eax 0_2_00407F55
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004098D0 push 0040990Dh; ret 1_2_00409905
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00430248 push ecx; mov dword ptr [esp], eax 1_2_0043024D
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0047A290 push ecx; mov dword ptr [esp], ecx 1_2_0047A295
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004062B0 push ecx; mov dword ptr [esp], eax 1_2_004062B1
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00450424 push 00450457h; ret 1_2_0045044F
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0040A5BC push eax; retn 0040h 1_2_0040A5BD
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00410648 push ecx; mov dword ptr [esp], edx 1_2_0041064D
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0040A600 push eax; ret 1_2_0040A601
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004427B4 push ecx; mov dword ptr [esp], ecx 1_2_004427B8
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0040A8D2 pushad ; iretd 1_2_0040A8D9
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004128A0 push 00412903h; ret 1_2_004128FB
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0045A980 push ecx; mov dword ptr [esp], eax 1_2_0045A985
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00456A30 push 00456A74h; ret 1_2_00456A6C
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00478D04 push 00478DE2h; ret 1_2_00478DDA
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0040CFA0 push ecx; mov dword ptr [esp], edx 1_2_0040CFA2
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00405485 push eax; ret 1_2_004054C1
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00405555 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0040F500 push ecx; mov dword ptr [esp], edx 1_2_0040F502
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004055D6 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00405653 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004056B8 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00419BA0 push ecx; mov dword ptr [esp], ecx 1_2_00419BA5
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00409F8B push ds; ret 1_2_00409FB5
Source: cddvdrunner2333.exe.1.dr Static PE information: section name: .text entropy: 7.696197237427596
Source: ImageGuide 3.1.33.67.exe.3.dr Static PE information: section name: .text entropy: 7.696197237427596

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_00401A4F
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 4_2_00401A4F
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 4_2_02B4F7D6
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\libeay32.dll (copy)
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe File created: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\is-3DMAJ.tmp
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe File created: C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\is-RDQCU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_iscrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\is-L64E0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_RegDLL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\is-0BU0T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\libssl-1_1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\ssleay32.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File created: C:\Users\user\AppData\Local\CD-DVD-Runner\unins000.exe (copy)

Boot Survival

Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_00401A4F
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 4_2_00401A4F
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 4_2_02B4F7D6
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 3_2_004022B5 StartServiceCtrlDispatcherA, 3_2_004022B5
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00423B84 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423B84
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00424154 IsIconic,SetActiveWindow,SetFocus, 1_2_00424154
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0042410C IsIconic,SetActiveWindow, 1_2_0042410C
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004182FC IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 1_2_004182FC
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004786D4 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 1_2_004786D4
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004227D4 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 1_2_004227D4
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00417510 IsIconic,GetCapture, 1_2_00417510
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00417C46 IsIconic,SetWindowPos, 1_2_00417C46
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00417C48 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 1_2_00417C48
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_00401B4B
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 4_2_00401B4B
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: LoadLibraryA,GetAdaptersInfo,FreeLibrary, 4_2_02B4F8DA
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Window / User API: threadDelayed 9684
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\CD-DVD-Runner\libeay32.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\CD-DVD-Runner\is-3DMAJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\CD-DVD-Runner\is-RDQCU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_iscrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\CD-DVD-Runner\is-L64E0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_RegDLL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\CD-DVD-Runner\is-0BU0T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\CD-DVD-Runner\libssl-1_1.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\CD-DVD-Runner\ssleay32.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\CD-DVD-Runner\unins000.exe (copy)
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe TID: 2020 Thread sleep count: 125 > 30
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe TID: 2020 Thread sleep time: -250000s >= -30000s
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe TID: 5060 Thread sleep count: 98 > 30
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe TID: 5060 Thread sleep time: -5880000s >= -30000s
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe TID: 2020 Thread sleep count: 9684 > 30
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe TID: 2020 Thread sleep time: -19368000s >= -30000s
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00450B28 FindFirstFileA,GetLastError, 1_2_00450B28
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0046CB9C FindFirstFileA,FindNextFileA,FindClose, 1_2_0046CB9C
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0047502C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_0047502C
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0045E128 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045E128
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0045CC88 FindFirstFileA,FindNextFileA,FindClose, 1_2_0045CC88
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_004732B0 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_004732B0
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0048B6CC FindFirstFileA,6CAA82A0,FindNextFileA,FindClose, 1_2_0048B6CC
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0045DD94 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045DD94
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_004097AC GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_004097AC
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp File opened: C:\Users\user\AppData
Source: cddvdrunner2333.exe, 00000004.00000002.3366057357.0000000003412000.00000004.00000020.00020000.00000000.sdmp, cddvdrunner2333.exe, 00000004.00000002.3365188100.00000000009CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe API call chain: ExitProcess graph end node

Anti Debugging

Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 4_2_02B600FE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,RtlEncodePointer,RtlEncodePointer,RtlEncodePointer,RtlEncodePointer,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, 4_2_02B600FE
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 3_2_00401B4B LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_00401B4B
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 4_2_02B46487 RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,GetTickCount,GetVersionExA,_memset,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,_memset,_memset,_memset,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,_memset,_memset,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,_memset,_memset, 4_2_02B46487
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 4_2_02B59468 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_02B59468
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00459618 GetVersion,GetModuleHandleA,6CAA6DE0,6CAA6DE0,6CAA6DE0,AllocateAndInitializeSid,LocalFree, 1_2_00459618
Source: C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe Code function: 4_2_02B57FAD cpuid 4_2_02B57FAD
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: GetLocaleInfoA, 0_2_0040515C
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: GetLocaleInfoA, 0_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: GetLocaleInfoA, 1_2_004084EC
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: GetLocaleInfoA, 1_2_00408538
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_00455AD4 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,6CAA74B0,SetNamedPipeHandleState,6CD53DA0,CloseHandle,CloseHandle, 1_2_00455AD4
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_004026C4 GetSystemTime, 0_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp Code function: 1_2_0045332C GetUserNameA, 1_2_0045332C
Source: C:\Users\user\Desktop\Y3hoUa55dT.exe Code function: 0_2_00405C44 GetVersionExA, 0_2_00405C44

Stealing of Sensitive Information

Source: Yara match File source: 00000004.00000002.3365745143.0000000002B41000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.3365630488.0000000002717000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: cddvdrunner2333.exe PID: 5736, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 00000004.00000002.3365745143.0000000002B41000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.3365630488.0000000002717000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: cddvdrunner2333.exe PID: 5736, type: MEMORYSTR