Windows Analysis Report
OA32chYJ8O.exe

Overview

General Information

Sample name: OA32chYJ8O.exe
renamed because original name is a hash value
Original sample name: 89232588779cca7da57df81d46458e64.exe
Analysis ID: 1428603
MD5: 89232588779cca7da57df81d46458e64
SHA1: 106a9a4a84cb422023e9ebce0c055c92ed36db1c
SHA256: 3242de97969e4b2826659a84e3c2b8be771ab96e7881d6574da016159f58494a
Tags: 32, exe, Socks5Systemz, trojan

Detection

Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Socks5Systemz
C2 URLs / IPs found in malware configuration
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: simplefreewaveeditor.exe.7668.3.memstrmin Malware Configuration Extractor: Socks5Systemz {"C2 list": ["bfoubsu.com"]}
Source: http://45.88.90.160/ Virustotal: Detection: 11%
Source: http://45.88.90.160/l Virustotal: Detection: 9%
Source: C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe Virustotal: Detection: 30%
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Virustotal: Detection: 30%
Source: OA32chYJ8O.exe Virustotal: Detection: 18%
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Joe Sandbox ML: detected
Source: C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00459B7C 6CBA6DE0,6CBA6DE0,6CBA6DE0,ISCryptGetVersion, 1_2_00459B7C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00459C48 ArcFourCrypt, 1_2_00459C48
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00459C30 ArcFourCrypt, 1_2_00459C30
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_10001000 ISCryptGetVersion, 1_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_10001130 ArcFourCrypt, 1_2_10001130

Compliance

Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Unpacked PE file: 2.2.simplefreewaveeditor.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Unpacked PE file: 3.2.simplefreewaveeditor.exe.400000.0.unpack
Source: OA32chYJ8O.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Binary string: F:\Temp\openssl-1.1.1t\libssl-1_1.pdb source: is-60S6C.tmp.1.dr
Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: is-CK00F.tmp, 00000001.00000002.2919011097.0000000003103000.00000002.00000001.01000000.00000006.sdmp, is-CK00F.tmp, 00000001.00000003.1671339052.0000000000602000.00000004.00000020.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670813311.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670917081.0000000002178000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00450B28 FindFirstFileA,GetLastError, 1_2_00450B28
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0046CB9C FindFirstFileA,FindNextFileA,FindClose, 1_2_0046CB9C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0047502C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_0047502C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045E128 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045E128
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045CC88 FindFirstFileA,FindNextFileA,FindClose, 1_2_0045CC88
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004732B0 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_004732B0
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0048B6CC FindFirstFileA,6CBA82A0,FindNextFileA,FindClose, 1_2_0048B6CC
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045DD94 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045DD94
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Networking

Source: Traffic Snort IDS: 2049467 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 192.168.2.4:49735 -> 45.88.90.160:80
Source: Traffic Snort IDS: 2050112 ET TROJAN [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 192.168.2.4:49735 -> 45.88.90.160:80
Source: Malware configuration extractor URLs: bfoubsu.com
Source: global traffic TCP traffic: 192.168.2.4:49737 -> 88.80.148.19:2023
Source: Joe Sandbox View IP Address: 88.80.148.19
Source: Joe Sandbox View IP Address: 45.88.90.160
Source: Joe Sandbox View ASN Name: LVLT-10753US
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c644db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffc14c1ec939f33 HTTP/1.1 Host: bfoubsu.com User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1 Host: bfoubsu.com User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: unknown TCP traffic detected without corresponding DNS query: 88.80.148.19
Source: unknown UDP traffic detected without corresponding DNS query: 45.155.250.90
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023A72A7 Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_strtok,_swscanf,_strtok,_free,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,_sprintf,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_free, 3_2_023A72A7
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c644db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffc14c1ec939f33 HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e HTTP/1.1Host: bfoubsu.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: unknown DNS traffic detected: queries for: bfoubsu.com
Source: simplefreewaveeditor.exe, 00000003.00000002.2918263419.0000000000BAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.88.90.160/
Source: simplefreewaveeditor.exe, 00000003.00000002.2918263419.0000000000BAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.88.90.160/l
Source: simplefreewaveeditor.exe, 00000003.00000002.2918263419.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, simplefreewaveeditor.exe, 00000003.00000002.2919634245.0000000003435000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.88.90.160/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e4908544
Source: simplefreewaveeditor.exe, 00000003.00000002.2919634245.0000000003430000.00000004.00000020.00020000.00000000.sdmp, simplefreewaveeditor.exe, 00000003.00000002.2918263419.0000000000BCB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://45.88.90.160/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: is-60S6C.tmp.1.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://ocsp.thawte.com0
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://s.symcd.com06
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://subca.ocsp-certum.com01
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: OA32chYJ8O.exe, 00000000.00000003.1665656782.0000000002350000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000003.1665726533.00000000020D4000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000002.2918042786.00000000020E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2918144740.0000000000610000.00000004.00000020.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2918656609.0000000002184000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670813311.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670917081.0000000002178000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://vovsoft.com
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://www.certum.pl/CPS0
Source: OA32chYJ8O.exe String found in binary or memory: http://www.innosetup.com
Source: is-CK00F.tmp, is-CK00F.tmp, 00000001.00000002.2917620226.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-CK00F.tmp.0.dr, is-1MQDJ.tmp.1.dr String found in binary or memory: http://www.innosetup.com/
Source: OA32chYJ8O.exe, 00000000.00000003.1665656782.0000000002350000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000003.1665726533.00000000020D4000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000002.2918042786.00000000020E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2918144740.0000000000610000.00000004.00000020.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2918656609.0000000002184000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670813311.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670917081.0000000002178000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.openssl.org).
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: http://www.openssl.org/f
Source: is-M01UV.tmp.1.dr String found in binary or memory: http://www.openssl.org/support/faq.html
Source: OA32chYJ8O.exe, 00000000.00000003.1666018305.0000000002350000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000003.1666193945.00000000020E8000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, is-CK00F.tmp, 00000001.00000002.2917620226.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-CK00F.tmp.0.dr, is-1MQDJ.tmp.1.dr String found in binary or memory: http://www.remobjects.com/?ps
Source: OA32chYJ8O.exe, 00000000.00000003.1666018305.0000000002350000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000003.1666193945.00000000020E8000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2917620226.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-CK00F.tmp.0.dr, is-1MQDJ.tmp.1.dr String found in binary or memory: http://www.remobjects.com/?psU
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: https://d.symcb.com/rpa0.
Source: is-60S6C.tmp.1.dr String found in binary or memory: https://sectigo.com/CPS0
Source: OA32chYJ8O.exe, 00000000.00000003.1665656782.0000000002350000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000003.1665726533.00000000020D4000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000002.2918042786.00000000020E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2918144740.0000000000610000.00000004.00000020.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2918656609.0000000002184000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670813311.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670917081.0000000002178000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/contact/
Source: is-CK00F.tmp, 00000001.00000003.1670917081.0000000002178000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/contact/.
Source: OA32chYJ8O.exe, 00000000.00000003.1665656782.0000000002350000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000003.1665726533.00000000020D4000.00000004.00001000.00020000.00000000.sdmp, OA32chYJ8O.exe, 00000000.00000002.2918042786.00000000020E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2918144740.0000000000610000.00000004.00000020.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000002.2918656609.0000000002184000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670813311.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670917081.0000000002178000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://vovsoft.com/newsletter/
Source: is-R13A0.tmp.1.dr, is-M01UV.tmp.1.dr String found in binary or memory: https://www.certum.pl/CPS0
Source: is-60S6C.tmp.1.dr String found in binary or memory: https://www.openssl.org/H
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00423AFC NtdllDefWindowProc_A, 1_2_00423AFC
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00412550 NtdllDefWindowProc_A, 1_2_00412550
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00454938 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A, 1_2_00454938
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 2_2_00401A4F: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, 2_2_00401A4F
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00408294 0_2_00408294
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00468BB8 1_2_00468BB8
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00461164 1_2_00461164
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00475E88 1_2_00475E88
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00430248 1_2_00430248
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004444DC 1_2_004444DC
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004346A4 1_2_004346A4
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004448E8 1_2_004448E8
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045ACC4 1_2_0045ACC4
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0043D0C4 1_2_0043D0C4
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00463168 1_2_00463168
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0047B28C 1_2_0047B28C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0042F7EC 1_2_0042F7EC
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00481818 1_2_00481818
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0044383C 1_2_0044383C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004339A0 1_2_004339A0
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00457DD8 1_2_00457DD8
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00443DE4 1_2_00443DE4
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_03101260 1_2_03101260
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_03101D20 1_2_03101D20
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 2_2_00401051 2_2_00401051
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 2_2_00401C26 2_2_00401C26
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_00401051 3_2_00401051
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_00401C26 3_2_00401C26
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023DBCEB 3_2_023DBCEB
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023DBD58 3_2_023DBD58
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023BE18D 3_2_023BE18D
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023C4E29 3_2_023C4E29
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023B9E84 3_2_023B9E84
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023AEFAD 3_2_023AEFAD
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023BAC3A 3_2_023BAC3A
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023B8442 3_2_023B8442
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023BDC99 3_2_023BDC99
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023C2DB4 3_2_023C2DB4
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023BE5A5 3_2_023BE5A5
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-60S6C.tmp 7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-M01UV.tmp 63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: String function: 023B8AE0 appears 37 times
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: String function: 023C5330 appears 138 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00403418 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00405974 appears 92 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00454F88 appears 92 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 004034AC appears 81 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00406A10 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00445418 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00408B90 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00407878 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 004338B8 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00455178 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 0040369C appears 194 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00451394 appears 63 times
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: String function: 00445148 appears 43 times
Source: is-CK00F.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-CK00F.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-CK00F.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-CK00F.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-1MQDJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-1MQDJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-1MQDJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-1MQDJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: OA32chYJ8O.exe, 00000000.00000003.1666018305.0000000002350000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs OA32chYJ8O.exe
Source: OA32chYJ8O.exe, 00000000.00000003.1666018305.0000000002350000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename6 vs OA32chYJ8O.exe
Source: OA32chYJ8O.exe, 00000000.00000003.1666193945.00000000020E8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs OA32chYJ8O.exe
Source: OA32chYJ8O.exe, 00000000.00000003.1666193945.00000000020E8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename6 vs OA32chYJ8O.exe
Source: OA32chYJ8O.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: simplefreewaveeditor.exe.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _RegDLL.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _setup64.tmp.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ImageGuide 3.1.33.67.exe.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.troj.evad.winEXE@8/28@1/2
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023B0800 FormatMessageA,GetLastError,FormatMessageA,GetLastError, 3_2_023B0800
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_004090EC AdjustTokenPrivileges,GetLastError,6CE740E0, 0_2_004090EC
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00409120 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,6CE740E0, 0_2_00409120
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00453394 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,6CE740E0, 1_2_00453394
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00453BC4 GetModuleHandleA,6CBA6DE0,GetDiskFreeSpaceA, 1_2_00453BC4
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CreateServiceA,CloseServiceHandle, 2_2_0040B519
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CreateServiceA,CloseServiceHandle, 3_2_0040B519
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00409868 FindResourceA,SizeofResource,LoadResource,LockResource, 0_2_00409868
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 2_2_004022B5 StartServiceCtrlDispatcherA, 2_2_004022B5
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 2_2_0040230A StartServiceCtrlDispatcherA, 2_2_0040230A
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_004022B5 StartServiceCtrlDispatcherA, 3_2_004022B5
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_0040230A StartServiceCtrlDispatcherA, 3_2_0040230A
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor
Source: C:\Users\user\Desktop\OA32chYJ8O.exe File created: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: OA32chYJ8O.exe Virustotal: Detection: 18%
Source: C:\Users\user\Desktop\OA32chYJ8O.exe File read: C:\Users\user\Desktop\OA32chYJ8O.exe
Source: unknown Process created: C:\Users\user\Desktop\OA32chYJ8O.exe "C:\Users\user\Desktop\OA32chYJ8O.exe"
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Process created: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp "C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp" /SL4 $1048E "C:\Users\user\Desktop\OA32chYJ8O.exe" 3675463 52224
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Process created: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe "C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe" -i
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Process created: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe "C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe" -s
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: licensemanagersvc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: licensemanager.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: clipc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Window found: window name: TMainForm Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: OA32chYJ8O.exe Static file information: File size 4036575 > 1048576
Source: Binary string: F:\Temp\openssl-1.1.1t\libssl-1_1.pdb source: is-60S6C.tmp.1.dr
Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: is-CK00F.tmp, 00000001.00000002.2919011097.0000000003103000.00000002.00000001.01000000.00000006.sdmp, is-CK00F.tmp, 00000001.00000003.1671339052.0000000000602000.00000004.00000020.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670813311.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, is-CK00F.tmp, 00000001.00000003.1670917081.0000000002178000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr

Data Obfuscation

Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Unpacked PE file: 2.2.simplefreewaveeditor.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.rview5:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Unpacked PE file: 3.2.simplefreewaveeditor.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.rview5:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Unpacked PE file: 2.2.simplefreewaveeditor.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Unpacked PE file: 3.2.simplefreewaveeditor.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 2_2_00401B4B LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 2_2_00401B4B
Source: simplefreewaveeditor.exe.1.dr Static PE information: section name: .rview5
Source: ImageGuide 3.1.33.67.exe.2.dr Static PE information: section name: .rview5
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00406518 push 00406555h; ret 0_2_0040654D
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00408BF0 push 00408C23h; ret 0_2_00408C1B
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00407F50 push ecx; mov dword ptr [esp], eax 0_2_00407F55
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004098D0 push 0040990Dh; ret 1_2_00409905
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00430248 push ecx; mov dword ptr [esp], eax 1_2_0043024D
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0047A290 push ecx; mov dword ptr [esp], ecx 1_2_0047A295
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004062B0 push ecx; mov dword ptr [esp], eax 1_2_004062B1
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00450424 push 00450457h; ret 1_2_0045044F
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0040A5BC push eax; retn 0040h 1_2_0040A5BD
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00410648 push ecx; mov dword ptr [esp], edx 1_2_0041064D
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0040A600 push eax; ret 1_2_0040A601
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004427B4 push ecx; mov dword ptr [esp], ecx 1_2_004427B8
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0040A8D2 pushad ; iretd 1_2_0040A8D9
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004128A0 push 00412903h; ret 1_2_004128FB
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045A980 push ecx; mov dword ptr [esp], eax 1_2_0045A985
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00456A30 push 00456A74h; ret 1_2_00456A6C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00478D04 push 00478DE2h; ret 1_2_00478DDA
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0040CFA0 push ecx; mov dword ptr [esp], edx 1_2_0040CFA2
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00405485 push eax; ret 1_2_004054C1
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00405555 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0040F500 push ecx; mov dword ptr [esp], edx 1_2_0040F502
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004055D6 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00405653 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004056B8 push 00405761h; ret 1_2_00405759
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00419BA0 push ecx; mov dword ptr [esp], ecx 1_2_00419BA5
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00409F8B push ds; ret 1_2_00409FB5
Source: simplefreewaveeditor.exe.1.dr Static PE information: section name: .text entropy: 7.700850441444186
Source: ImageGuide 3.1.33.67.exe.2.dr Static PE information: section name: .text entropy: 7.700850441444186

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 2_2_00401A4F
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_00401A4F
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_023AF7D6
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-R13A0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-1MQDJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\libssl-1_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-M01UV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe File created: C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Jump to dropped file
Source: C:\Users\user\Desktop\OA32chYJ8O.exe File created: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\ssleay32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_RegDLL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_iscrypt.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_isdecmp.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\libeay32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-60S6C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File created: C:\Users\user\AppData\Local\Simple Free Wave Editor\unins000.exe (copy) Jump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 2_2_00401A4F
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_00401A4F
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_023AF7D6
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 2_2_004022B5 StartServiceCtrlDispatcherA, 2_2_004022B5
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00423B84 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423B84
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00424154 IsIconic,SetActiveWindow,SetFocus, 1_2_00424154
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0042410C IsIconic,SetActiveWindow, 1_2_0042410C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004182FC IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 1_2_004182FC
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004786D4 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 1_2_004786D4
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004227D4 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 1_2_004227D4
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00417510 IsIconic,GetCapture, 1_2_00417510
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00417C46 IsIconic,SetWindowPos, 1_2_00417C46
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00417C48 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 1_2_00417C48
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 2_2_00401B4B
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_00401B4B
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: LoadLibraryA,GetAdaptersInfo,FreeLibrary, 3_2_023AF8DA
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Window / User API: threadDelayed 9612 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-R13A0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-1MQDJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Simple Free Wave Editor\libssl-1_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-M01UV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Simple Free Wave Editor\ssleay32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_RegDLL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_iscrypt.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_isdecmp.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Simple Free Wave Editor\libeay32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Simple Free Wave Editor\is-60S6C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Simple Free Wave Editor\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe TID: 7672 Thread sleep count: 186 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe TID: 7672 Thread sleep time: -372000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe TID: 7184 Thread sleep count: 103 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe TID: 7184 Thread sleep time: -6180000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe TID: 7672 Thread sleep count: 9612 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe TID: 7672 Thread sleep time: -19224000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe File opened: PhysicalDrive0 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00450B28 FindFirstFileA,GetLastError, 1_2_00450B28
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0046CB9C FindFirstFileA,FindNextFileA,FindClose, 1_2_0046CB9C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0047502C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_0047502C
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045E128 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045E128
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045CC88 FindFirstFileA,FindNextFileA,FindClose, 1_2_0045CC88
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_004732B0 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, 1_2_004732B0
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0048B6CC FindFirstFileA,6CBA82A0,FindNextFileA,FindClose, 1_2_0048B6CC
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045DD94 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_0045DD94
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_004097AC GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_004097AC
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Thread delayed: delay time: 60000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows Jump to behavior
Source: simplefreewaveeditor.exe, 00000003.00000002.2918263419.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
Source: simplefreewaveeditor.exe, 00000003.00000002.2919634245.0000000003435000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\OA32chYJ8O.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe API call chain: ExitProcess graph end node

Anti Debugging

Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023C00FE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,RtlEncodePointer,RtlEncodePointer,RtlEncodePointer,RtlEncodePointer,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, 3_2_023C00FE
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 2_2_00401B4B LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 2_2_00401B4B
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023A6487 RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,GetTickCount,GetVersionExA,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection, 3_2_023A6487
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023B9468 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_023B9468
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00459618 GetVersion,GetModuleHandleA,6CBA6DE0,6CBA6DE0,6CBA6DE0,AllocateAndInitializeSid,LocalFree, 1_2_00459618
Source: C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe Code function: 3_2_023B7FAD cpuid 3_2_023B7FAD
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: GetLocaleInfoA, 0_2_0040515C
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: GetLocaleInfoA, 0_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: GetLocaleInfoA, 1_2_004084EC
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: GetLocaleInfoA, 1_2_00408538
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_00455AD4 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,6CBA74B0,SetNamedPipeHandleState,6CE53DA0,CloseHandle,CloseHandle, 1_2_00455AD4
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_004026C4 GetSystemTime, 0_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp Code function: 1_2_0045332C GetUserNameA, 1_2_0045332C
Source: C:\Users\user\Desktop\OA32chYJ8O.exe Code function: 0_2_00405C44 GetVersionExA, 0_2_00405C44

Stealing of Sensitive Information

Source: Yara match File source: 00000003.00000002.2918001654.0000000000963000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2918702907.00000000023A1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: simplefreewaveeditor.exe PID: 7668, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 00000003.00000002.2918001654.0000000000963000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2918702907.00000000023A1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: simplefreewaveeditor.exe PID: 7668, type: MEMORYSTR