bd.bin
This report was generated from a file or URL submitted to this web service on March 5th 2020 06:26:49 (UTC), using the action script "Default browser analysis".
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.30 © Hybrid Analysis
Incident Response
Risk Assessment
- Evasive
  - Found a reference to a WMI query string known to be used for VM detection
  - Possibly tries to implement anti-virtualization techniques
MITRE ATT&CK™ Techniques Detection
Indicators
Malicious Indicators (2)
Unusual Characteristics
References BIOS/BOOT related strings
- details:
"49
1- .
50
win 7 ntldr
55 4
ubuntu
-
11 ?
1
28
dirtex
hitachi
sartorius 200
www
twilight eve orpg
5770 vapor-x
2
4- 44
unika ard manager 1.0
ujkfz
tucson crdi
122053100215/071
1982
vogue
mp3
2 2009
comod ua
1
plaxa"
- source: File/Memory
- relevance: 9/10
References suspicious system modules
- details:
"if + you gonna leave
pretul unei inmatriculari in moldova
iptv player
www tv ru
1827 a a
ntoskrnl
1
3d +
3752
3.7
a -
chatrulet
visual+basic+6.0
24open
3200 v3.00.01.07
20
utp 4"
- source: File/Memory
- relevance: 5/10
- ATT&CK ID: T1215
Suspicious Indicators (6)
Anti-Reverse Engineering
Possibly checks for known debuggers/analysis tools
- details:
"mp3
wizard
1
2012
1
5 5 5 5=5
pioneer ct-w208r
usb
hertapah mas - 16.10.2012
4
1
.. + + buider
chinchilla club [chinchil@mail.ru]
river 2 sea
2000 / romeo and juliet paris
helmke ? ?
hasker da - love is all around
25
child sex nude
unreal tournament ? symbian 9.4
apc ups surt8000
wmzmoney.net.ru
[pack] gta iv
193.3771
betfair
21 2011
2115
840-1003013-20
tx-21ck1p
5
1 . .
jvc kd g617
s
- 3d
boot 5
1 ruboard
ai tominaga son
wtf
3d xpand x103
4plast
flh-t
a 16 20 30
dj casper cha cha slide
812 753-74-02
5w20
2 2
golden rose
987-97-50
3g-zone
ubuntu
help process monitor
gps
mr credo
001-
wr 2500
771345 legrang
+
cranch bmx4175
7-
copa bimbo
4
cp2146tan
volkswagen
2.
world of tanks 0.7.3
.
3g 2g
play ball" (Indicator: "process monitor")
".
- 2005-2008
will is going to do
uedth
canli iqra
fluorescent tubes
dj masha rostova
hd ready
online
ian brown the world is yours
3
volosi sredstvo ot vipadeniya
564d30f1ebe2
-
radex polishing cloth
.
mptool
call of duty world at war map pack 3 wallpapers
tda 2545 pdf
baw qishi
8 2
cqeen
1941
0 15641
alcohol 120
apprentice adventurer's weapon
9
225 55 r16
winxp 2
havoc hailay
dir320 ppoe
4
fireboard boxes
c+ +
1945 european map
80201
50
225 18 tyres
fija wifi
pingu loves english
windows 0000007
pirotechnica.one.pi
1-
planetino 1" (Indicator: "ntice")
"?
220 proftpd 1.3.3c server ready
fkmd predator 1
centos vpn no valid secrets
process monitor - delphi
user registration settings phpbb
pivoine de chine peter brandt
turck" (Indicator: "process monitor")
"?
plan de frecuencias en estaciones base
402
a-10 -25
7
cos
work and travel
harley quinn arkham asylum costume
39
775-75-45
hardware store mp3
tutvse de
1- .
online iq
c#
ifile iphone ios5
1
business process management system software
process monitor
900100
ubuntu nvidia
28
. 11
@virgilio.it
21
2678953
mp3
5
5. adobe photoshop
pinnacle 9" (Indicator: "process monitor")
- source: File/Memory
- relevance: 2/10
Environment Awareness
Found a reference to a WMI query string known to be used for VM detection
- details:
"pinacle
c+ +
tv
tupperware
1c
win32_service vbs
403, articledirectory, marketingsource.com
sex viddeo
aion
jk
flowersclub.info
vk.com/robots.txt
808
4 2112
www pari - match com
100" (Indicator: "win32_service"; File: "cffd66605b6f498828c3ffa84b15a2113f2983c7c6ef522c7b6c097e32d985f9.bin")
- source: File/Memory
- relevance: 10/10
- ATT&CK ID: T1047
Possibly tries to implement anti-virtualization techniques
- details:
"mp3
3.3 voltage
5
8-920-253-93-77
world of
15
usernet ?
happy english 10 a
vmware 6
windows mac
12796
rdr file system xp
austin metro
windows 2003 enterprise sp1 updates
3" (Indicator: "vmware")
"47
5
5330
3gp
mtu.dialap.ru
vmware tools
ufo star 1800
3
fish3one
windows
18 36 greatest common factor
4-
a2033304003
1 8.2
msn
5410-2703020
.. 10
windows mac os x
1 7.7" (Indicator: "vmware")
"1
nokia 8600 luna
google
pinout psvita
40*25 rf, tkm
mufj
vmware server rpm ubuntu
+
tattoo
99
buslogic flashpoint
lenovo thinkpad edge e325
-
0445021093
2
hdd" (Indicator: "vmware")
"50
v bnmmm nmcv bm h.b nm njkkk kilmlj j juljokjomkk k.khlt k8ijk78 jiioikk
under 2.5/3
vmware
dle - 500 internal server error
24 17
hd 4650" (Indicator: "vmware")
"v2.08.14
vorota.md covanie
utorents.ru
,
dlink dir-628
2
shazam windows mobile 6
265/65/17
5
chocolate chip cookies olive oil
2012
..
realtek ac\'97 audio codec driver 6305 windows vista / windows 7
didi
red alexander dunning
tomahawk 9030
5143157 aa
sevimi muzisener
25 2014
camedia x-600
ufkjrvthf
228 .2
vmware workstation 6 5 3
uzmetkombinat bekabad
mp3
221
ws - c6509 eos
3000
ureaplasma ur." (Indicator: "vmware")
"1
1
3 4
c16 3ho
1940386
[jkb rhbcnfk
812 503 3309
divx6
339
9 online free
unclock root
antialawar v 085
tatarstan
300
84957827837
1 2009 -
usaqlarda sitomeqalovirus
happy new year
wing else should befucked -
3 3 3 macbook
21 midway
hbkmrt cnb[b
2007 9
[fpfyjd tdhtq
4
ukrainian musical band
tytbrn rfv, th, tnx
abff powered by xenforo
a hike in mountains
prology imap-50m dsqnb d dbyljdc
amway
24
. . .
, ?
8 17
4
winx mp3
windows 7 x86 4
4
scania
2- 3
dvd pioner
mxr dime distortion dd-11
myfieles.narod
35
mpstat good values
bono restoran
pqi u330 8gb
christmas
angela rogac-solcan
volkswagen polo 3-door uk-spec typ 6n2
17-19
camera + ? ipad 2
flhtcf f'hjgjhnjd hjccbb
upd72010 datasheet
3.2.2 cthdth
windows 7 sp 1
bodybuilding software
8
8313
coreldraw
56210wd326
android fr vmware
a
mwjhl street gato
2109
2.
2" (Indicator: "vmware")
"a
www patricia farinelli
9
3
buhs lkz nokia tv c1000
vmware-tools-distrib does not exist
35hp c, jhybr
va - anual mix 2007
18
nokia garmin maps
abode photoshop cs2
2.5 crdi wgt
comepay
www autopilius. lt
upload golden interstar
ws-c2960-24tt-l
2 2012
mp3
86
file editor
terios 2 -
ucrainacastelraimondobella
- 6
3919 liqui moly
dj
831
hd" (Indicator: "vmware")
"..
-
find your love, serious relationships and marriage with ukrainian for free
40iplay v.4.8
windows phone hfp, kjrbhjdrf
ujc bycngtrwbz gj nhele
9590786
1n34a
-
virtualbox windows xp
2
wi-fi zte mf30
.
.
diamond rush ? nokia 5310
07 zydfhz 2005 ujlf crf cdthlkjdcr crf ytanzybr
wimic -300
sax 40 blended wing
5a872
26
25 2011
call to undefined function" (Indicator: "virtualbox")
",
1200
trodat, grm
abktqyjt dzpfybt vjltkb
visual art
ua get -
fnp 45 tactical airsoft
bbk ma-965
..
a
124
vkusnosi.at.ua
21
0352
fmtune.rar
alter payee check
bmw 325 1988
crash test carbon
375296702010
1 8.2
rose glacee / 50
19.12
2007
28
discussion ultimatebb php ubb get profile ?
1 samuel 8 1 9
c#
3dmark 2006 radeon 4850
89156120691
1825 14 -
toyota ist
createpickup
pirates xxx 2005
it
01618
, club med
trondheim, stj?rdal
1-8
void the angry brigade 2cd retail 2006 umt
5800 21
ussd
2011
74181
fm talk
usb
vmware player" (Indicator: "vmware")
"?
3320263
ubuntu 11.10 virtualbox" (Indicator: "virtualbox")
"world of tanks
murphy unit 78 79
cad32
-
2.
1 2007
2 2 forex
3, 2012
1970 1980
flash
3.9.2003 .aspx .au
2107
23
23620-59015
fl studio 9 windoms7
4
mr freeman hd
50
@prostitutki samara.het
4
9 ..
719 pfghfdrf c[tvf
-
harvia profi l
google 43@qmail.com
c32725 transistor datasheet
301
tt board de
mp3
vmware workstation
vse polnometrazhnye scooby doo
x10
2, 8 4 5, 6
.." (Indicator: "vmware")
"?
uka
9260cv-4i kit
7sky
80's ru. italo disco maxi
windows 7 +
vmware
1- 10
7373
2sb196
2 .
4.3.58l1
wordpress themes wordpress
2012
q gkfy s8
windows live id nokia 710
hellgate resurrection
1984
42pj360r
cottus
5800
3 ,
ubuntu linux" (Indicator: "vmware")
"?
oz
776
hyper-v
+
ideya fix_-_
wow 2013
0x0000007e
abba dvd-audio vol 1 4
800
mtn
vista ultimate service pack 2" (Indicator: "hyper-v")
"?
406 s bluetooth laser mouse
upadne z krzesla
www/terminal-models.ru
archicad 15+
abc
90/
wwwsisjava.ya.ru
3757750
www
ujhzobt nehs d neybc bp yjdjcb, bhcrf
vmware workstation 8.0.4.744019 serial key
2.
2066 -
228
utorrent
best songs dima bilan
8028713210020
.
rinnai
flash cms template #30004
vthj gj ghjdtltyb. ds, jhjd
2112 marshall
dkny" (Indicator: "vmware")
"20.01.2010
vmware workstation 8.0.1.528992 rus
seth riggs
5018a seca
921 953-07-87
353235, , , .
354
0 5
disciples 3
22
ufkbyf ptqyfkjdf
2114
3 9
candy samples" (Indicator: "vmware")
"volvo c30 klub
belorusskie gruppa
windows embedded ce
beeline ip-tv player
windowfrompointmouse.cursorpos
2
ares hotel 4
3d +
ropag high-tech_calmar ip44
1 unipatch
connect 2500 wide
google chromefre
havij sql inj
bq2d7g044
flashfxp v4.1.7
bushnell 3-9x40eg
3 4
2018210047
jj connect 2100 wide
cfqns lkz cnfdjr yf cgjhn
43 .
. ,
harmony suits women
virtualbox" (Indicator: "virtualbox")
"malloc
19 lcd izumi tle19h400w
volvo driver alert control
8-15
floorplan 3d 10
& ..
2
windows server 2003
whn
7z cmd syntax
vmware
1 - 10 1
gps
diplomiruem.ru
can anyone suggest a lang ru
inglesina moovy
abbyy finereader rus+crack
wv vento
25 microsoft office 2007 home and student
3
14
windows xp usb \
063 325-51-51
eagle eye ruby
45677752
flash full screen
wwitt-international
ubuntu
1
8142 55-70-31
pioneer keh-p6600r-w
2004 5
vvfhb afqy
windows vista xp
vjyfcnshm pjjlj[e gbub
90
fly ds100
prince of persia epilogue
74.ru
3124 xerox
wow
18 2
mplab c18
www bagi ru
mtb street
5
1890-1920
a5
cooliris plugin firefox 16.02
nt[ybrf 'hjnbxtcrbq vfccf
tucano caffe
2
telsec
brabus roadster smart
9
antoncars
a
1
mp3
2
uses ole2 delphi
n-driver
-
www flora de
2110
winavr
3 842 bosch" (Indicator: "vmware")
"7
anime
canon 203
393
flash player opera
shool 11
pik vik
realtemp distance to tjmax
.-
elenberg -
caberlot
albert cummings sleep
xb-browser rus
vmware ?
voodoo camera tracker
2dto3d redblue converter
--
abit nf7
24
1
21
15
pragrama autocad onlayn besplatno
hd- a
tda 9341ps
2120 + 7903808-29-62
volvo 850
cortez nylon white red blue
3d
the best cd
3
dj gen" (Indicator: "vmware")
"49
visual studio
59303422
666 ? ? ? epub
dj ?
c+ +
801d1c
fifa 13 ipad
3
1846 vitek
book menu restaurant
2- , . 10-
chgpu.edu.ru
89857770990
3.
mr578201
fluidextract cannabis indica
-
win phone 7 market
5371167
2012 money .aspx
1
21.12.2012
- 2010
12.12.09
17.05.2011
1997 2003
40
find
352- 208
usb
senss & z l -
20 59 traffic
8362
3ds max ubuntu
umts
2110
2.22013
regbnm rdfhnbhe d r @zhjckfdcrbq@
8 -
j, extybt scad
world + of tanks
1 2009
uhepjdst vjnjhjkths
25.3
495 612-38-60
aeg elfa e 91
ubuntu virtualbox" (Indicator: "virtualbox")
"virtualbox 4.1.8 software developer kit sdk jgbcfybt
header keywords
dj mal
1 2011
contasia studeo
6 ? ?- ? ?
hdmi-hdmi premium
prince william wedding
cabal online 2 europe
1 md program text
bypass prepare
mp3 android 2.0
5727 zambaiti
7
1-, i.=6, = b
playboy
uhbaabys lbcytq
-
djccnffyjdktybz gfhjkz warspear
shimano
95
10 ? ? ?
golden deer
aion
38067 501 9707
1 2010
aa-c1412p76
pilux.com
canon 24-105mm
3
15 - 19
fishka.co.il
58 291
hard reset htc touch pro 2
3com 5500-si 52-port3cr17152-91-me
ca640
41
willem-eprom
2 5
call of duty 7
windows xp genuine avantage
vray
tfile jlby gk.c jlby
wilmar
mustt
89204172375
ts 20x80 ?
r14 215/55
18
650
flash g502 orbit
butterflies.
mysql smallint
5
hellbound a
1
21 2007
pioneer 110d
mp3
floppy motor driver dtashewet
windows 2000
harry potter -
wowwee roboraptor
+
aisi 430" (Indicator: "virtualbox")
- source: File/Memory
- relevance: 4/10
External Systems
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
- details:
1/72 reputation engines marked "http://counter.yadro.ru/hit" as malicious (1% detection rate)
1/66 reputation engines marked "http://biologicalscience.pro" as malicious (1% detection rate)
- source: External System
- relevance: 10/10
General
Found a potential E-Mail address in binary/memory
- details:
Pattern match: "tat.yasha@mail.ru"
Pattern match: "sch28@stavedu.ru"
Pattern match: "rogowasya@gmail.com"
Pattern match: "volgods@cbx.ru"
Pattern match: "6533781@mail.ru"
Pattern match: "isksch4@ngs.ru"
Pattern match: "u4320@r43.kadastr.ru"
Pattern match: "tyumenpolymer.ru@mail.ru"
Pattern match: "bzak@bk.ru"
Pattern match: "alltlove@yahoo.com"
Pattern match: "cadrov2013@yandex.ru"
Pattern match: "vatel-ship@mail.ru"
Pattern match: "bbusya@mail.ru"
Pattern match: "sfkstroy@mail.ru"
Pattern match: "2vklass@rambler.ru"
Pattern match: "mpocenka@samtel.ru"
Pattern match: "tver-chernobyl@mail.ru"
Pattern match: "info@crimee.com"
Pattern match: "uppvos@rdtc.ru"
Pattern match: "ufakids@mail.ru"
- source: File/Memory
- relevance: 3/10
- ATT&CK ID: T1114
Network Related
Found potential IP address in binary/memory
- details:
Heuristic match: "d-link dir-300 2
--
2.0.38.6
vtk500010 /?
cameral? chat odalar?"
Heuristic match: "fish and chip
85-
20 windjws
.
192.168.3.220
1 8.2
hard rock cafe"
Heuristic match: "portes du soleil
..
3
af, hbrb rjkujnjr
..
4d68
wow gametime egold
1 1.2.4.3
vnes"
Heuristic match: "863 248-26-96
air china 096 1g
2.0.9.0 2.0.9.1
vls 2.30"
Heuristic match: "dima krasnik kiss
windows 7 ultimate sp1 32-bit/64-bit
dkbzybt ghtlhfccelrjd yf ghjatccb
urami bushi
0k30e 18 190
213.87.142.98
160.18-30
8002014"
Heuristic match: "179 ru
wow
192.168.1.1 rfr p, hjcbnm gfhjkm
digma d4"
Heuristic match: "175.25.243.26 80 190.248.129.62 8080
3d max
790455
ipad 2 wifi 3g 32 gb
1200x400x600
volkswagen passat b5 3b 1996 - 2001
5diez
bc200-mindray
digitech rp55ps"
Heuristic match: "hd
63
2. , ,
ch4 cl2 ch3cl hcl
1c 8.1.11.67 rack
pl. gauthie ."
Heuristic match: "chance
uart 736
4 6 1904
which of the following is a characteristic of the address 192.168.87.212/24?
1c lang ru
windowfrompoint ++
hell gate london
place"
Heuristic match: "?
91.211.118.28 27024
fisheing 35.ru
277- 30.12.2010 ujlf
-
windows phone
unwand
---
3 .
18 avqust sahibkarlar konfederasiyas
4
iphone 3g
3d
4230805 premium horse
fc bayern
wow
26
ubuntu"
Heuristic match: "djccnfyjdktybt phtybz gj nvtnjle lfyjdf
gps
86
041501601
1 7.7
2- 2011
86 lenne
3d
2
192.168.1.1
ubuntu"
Heuristic match: "?
uue-
5
30 . 4180 n14n32 arbonia
mxroad
81.89.113.21
amway .
6303classik regbnm"
Heuristic match: "2108
23
productions of kazakhstan
firelake
1710362-004
83.222.97.202 27289
a by
rbnfqcrbq usb
8
flash
2 gis
,"
Heuristic match: "213.184.226.158
215
7
8
tymibys d gfynfkjyf
pragrama zakriti podyum
vk.com/id57048925
22
tropico3"
Heuristic match: "?
4-2-1 honda accord 94-97
windows
vossloh schwabe
7662501
85
28
mysql
172.18.9.56
tvsale
www/dom-2.ru
3gp.film.org
2
uax 14
visual basic 6
heroes 6 save problem
multifuge 3 bioshield
volkswagen passatb7"
Heuristic match: "2007
192.168.1.133
3593896
fifa 2007
-
100
40-b99-0
161
138
3gp
divinity 2
33"
Heuristic match: "c+ + opengl
www
8-
ukj, fk nhtdk gcrjd
2 j2mw
84/58/90
uniblue registrybooster 4.7.6.10 ?"
Heuristic match: "v vendetta qartulad
ca+o2\
1
55
umc ua3730
28
007. ,
2019900050
, , - -
arduino 13
fm- fm mystery mfm-74bcu
fit-s
myac ver.1.6.5.0.
ubuntu server vpn ? windiws
consult-iii
i
v -"
Heuristic match: "tv_mistery
fly e300
rk.x lkz ms 2010
..
1
gmail google
3. 1993 .
uzflms
1 12
world of tanks 0.7.1.1
36
wwe
420095, , 7- 1
..
1-800-240-700
8
pioneer 508 xd"
Heuristic match: ".
84.113.73.6
8
pioneer deh-2000mpb
3d
plasma xenon"
Heuristic match: "95
320-240 java
usb ? lucky star 5mvp3
315100
vs-ltv883rf 4.0.100.2
vst 7046v
upload"
Heuristic match: "5.20
c+ + builder bscommandlink
3.2
469-1701100 /
alexander schubert higha
499611-42-44
mx vs atv unleashde
tvuplayer 2.5.3.1
890
radeon 5870
ms project. ,
433
hend made"
Heuristic match: "2007
$this?indb
wj201-2a 12vdc
hd ixbt
4
uheggjdjq vtytl th pflfx
djljktq b rfvtym pvtbysq ukfp
a w d r cfyfnjhbq
-
5d
-
-
-
17
nokia 5310
192.168.1.2.4242
divine divinity"
Heuristic match: "8120
wq-730z
-
247 lph - philips
hd
googl hayeren
a
33.
2010 cdr
www spezmet.ru
194.50.85.25 27016
bolliwood kino mp3 r
alcor micro
dworzec pks,
1c
2123
3
dle bbcode"
Heuristic match: "202.97.238.205
uzbek kino faryod 1 qism
uc@keysystems.ru"
Heuristic match: "hayerov.am sirvac erqer
373 179 497
5.1 3
tural ?liyev
28
81.201.60.208 tor
wikileaks
.
1
brenner9
3d
flash
muay thai hellas fights 2009
trixbox"
Heuristic match: "32 01
\
a studio sos skylark remix
muziic
mutul
bvtyysq nf, kbxrb
3 stars angry birds 1-17
vkayucyun
unity hierarchywindowitemongui
hyundai
225-24-75
readon tv
wow
virtuemart 1.0.12.1"
Heuristic match: "?
fm 4gb
95 12
aekgoprn.dll 70.103.101.103
heccrbt"
Heuristic match: "? 3
2009 .
3g acer a500
multimedia fusion 2 + extras
3
2
0k01w-15-140
19
hend test
focus usa
muveenow 2.2.0.3
24
7-
raymond lefevre
hdpe"
Heuristic match: "?
5.21.2.15.1
268-95-29
2140rs
usb 520
android padding top
50
914 porsche photo
u"
Heuristic match: "save need for speed prostreet
300m
- -
tv
1 8.
distress clear embossing ink
939609
fly440
10 ?
mtv 6 - online
firmware version 3.0.0.3.84
un bra"
Heuristic match: "- ?
satinique
virtualdubmod 1.5.10.2 ?"
Heuristic match: "-703
5 1990
5 p
cadram resins
2012 7
-375
212.154.149.145
caddy maxi life
5diez
@mil.ru
camera raw cs5
1c
djvu"
Heuristic match: "?
3
akai gx 630
wot 0.7.1.1
2-3
windows genuine advantage
2012
234 .
af 2253 -
vlra 12 28 /"
Heuristic match: "? 13.8 , 30
1 8.1.5.123
4. .6.30-97. . , ,
24
-1-pro
tamron nikon
1q84 3.
1 2012
windows 7.
20
1 8.2
bill kaulitz 26/8/2012
2009
txt ? ?
angel and heart
3d max
3 lostpropets
.. -
vivasan"
Heuristic match: "cool'n'quiet athlon xp2500+
2
gta iv 1.0.2.1
dj gruf ?
multiflex 5-13 lorch
braun
abc mamba
bus"
- source: File/Memory
- relevance: 3/10
Informative (13)
External Systems
Sample was identified as clean by Antivirus engines
- details: 0/56 Antivirus vendors marked sample as malicious (0% detection rate)
- source: External System
- relevance: 10/10
General
Creates mutants
- details:
"\Sessions\1\BaseNamedObjects\IsoScope_11f0_IESQMMUTEX_0_519"
"Local\URLBLOCK_DOWNLOAD_MUTEX"
"Local\ZonesCacheCounterMutex"
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
"{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"
"IsoScope_11f0_IE_EarlyTabStart_0x10e4_Mutex"
"Local\URLBLOCK_FILEMAPSWITCH_MUTEX_4592"
"Local\URLBLOCK_HASHFILESWITCH_MUTEX"
"Local\!BrowserEmulation!SharedMemory!Mutex"
"IsoScope_11f0_IESQMMUTEX_0_331"
"IsoScope_11f0_IESQMMUTEX_0_303"
"IsoScope_11f0_IESQMMUTEX_0_519"
"Local\ZonesLockedCacheCounterMutex"
"UpdatingNewTabPageData"
"Local\VERMGMTBlockListFileMutex"
"IsoScope_11f0_ConnHashTable<4592>_HashTable_Mutex"
"\Sessions\1\BaseNamedObjects\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
"\Sessions\1\BaseNamedObjects\IsoScope_11f0_IESQMMUTEX_0_303"
"\Sessions\1\BaseNamedObjects\IsoScope_11f0_IESQMMUTEX_0_331"
"\Sessions\1\BaseNamedObjects\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"
- source: Created Mutant
- relevance: 3/10
Drops files marked as clean
- details: Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")
- source: Binary File
- relevance: 10/10
Opened the service control manager
- details:
"iexplore.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
"iexplore.exe" called "OpenSCManager" requesting access rights "0XE0000000L"
- source: API Call
- relevance: 10/10
- ATT&CK ID: T1035
Scanning for window names
- details:
"iexplore.exe" searching for class "ImmersiveWorkerWindowClass"
"iexplore.exe" searching for class "Shell_TrayWnd"
"iexplore.exe" searching for class "MS_AutodialMonitor"
"iexplore.exe" searching for class "MS_WebCheckMonitor"
- source: API Call
- relevance: 10/10
- ATT&CK ID: T1010
Spawns new processes
- details: Spawned process "iexplore.exe" with commandline "SCODEF:4592 CREDAT:275457 /prefetch:2"
- source: Monitored Target
- relevance: 3/10
Spawns new processes that are not known child processes
- details: Spawned process "iexplore.exe" with commandline "SCODEF:4592 CREDAT:275457 /prefetch:2"
- source: Monitored Target
- relevance: 3/10
Installation/Persistence
Creates new processes
- details: "iexplore.exe" is creating a new process (Name: "%PROGRAMFILES%\Internet Explorer\iexplore.exe", Handle: 896)
- source: API Call
- relevance: 8/10
Dropped files
- details:
"urlblockindex_1_.bin" has type "data"
"RecoveryStore._25998093-5EA2-11EA-9662-0A0027F770FD_.dat" has type "Composite Document File V2 Document Cannot read section info"
"6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04" has type "data"
"~DF66C2EF25A4B1E051.TMP" has type "data"
"X0EEI3TW.txt" has type "ASCII text"
"suggestions_1_.en-US" has type "data"
"favicon_2_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"
"_25998095-5EA2-11EA-9662-0A0027F770FD_.dat" has type "Composite Document File V2 Document Cannot read section info"
"search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"
"verA082.tmp" has type "XML 1.0 document UTF-8 Unicode (with BOM) text with CRLF line terminators"
"RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"
"_2CA19000-5EA2-11EA-9662-0A0027F770FD_.dat" has type "Composite Document File V2 Document Cannot read section info"
"IO64Y6BH.txt" has type "ASCII text"
"JavaDeployReg.log" has type "ASCII text with CRLF line terminators"
"search_1_.json" has type "ASCII text with no line terminators"
"SMTNEXOX.txt" has type "ASCII text"
"H9C23CXK.txt" has type "ASCII text"
"en-US.2" has type "data"
"6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203" has type "data"
- source: Binary File
- relevance: 3/10
Found a string that may be used as part of an injection method
- details: "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source: File/Memory
- relevance: 4/10
- ATT&CK ID: T1055
Network Related
Found potential URL in binary/memory
- details:
Pattern match: "www.liveinternet.ru/click"
Pattern match: "http://8hugsaday.cf/?u=8p2p605&o=498wxn3&t="
Pattern match: "http://biologicalscience.pro/Agropedia"
Pattern match: "http://biologicalscience.pro/Arthropods"
Pattern match: "http://biologicalscience.pro/Ecology"
Heuristic match: "10. 10 ? ?
vkontakte.ru"
Pattern match: "vk.com/b_inna"
Pattern match: "rep.fcc/he"
Pattern match: "vkontakte.ru/id15814384"
Pattern match: "myspace.com/hellskitchenblues"
Pattern match: "vk.com/julia_manshilina"
Pattern match: "fixmag.ru/izmer/multim/page/6/"
Heuristic match: "teppich dom?ne
13-16
00 00
14 ? ?? ? ?
1 .
40
cfqn rjycekmndf gjkmib d, htnt
wininet.h download
chillen
vpi/vci 1/40 dhcp
42 .
mt-12864a
200 2012
rc-
7 -
unichel 101010
twitter livejournal
3 "
Heuristic match: "protech t2
right click image converter 2.2.2 rus crack
1119 tms turbo
5 1927
5-404-00293-5
vtx cbhhs
c.s
vrayspeedlight
1cv8.efd not found
serial proxy switcher
umid nihollari 2013
2 i900
msr-1200
alligator-s550
a
canadian "
Pattern match: "realty.mail.ru/town/?from=subsc"
Pattern match: "vdpo.ru/news/news-vdpo/4998"
Pattern match: "vk.com/mega"
Heuristic match: "?
price of ha land in almaty
8921-993-19-93
1
www data - media.ru"
Pattern match: "teamlab.com/ru"
Pattern match: "my-ivanovo.ru/main/page/643/"
Heuristic match: "2t6551
www fm
10
alice madness returns beta version
h3 12-55
www goldacordion
uac3563 datasheet
01617727700
318 2010
2
364
-
31, wf
php
rammstein moskau mp3
amd a8-3850 vs amd fx 8150
38 ifrs
7600gt
89054254222
utou.ru"
Pattern match: "visa4uk.ru/application.htm"
Pattern match: "vk.com/club44985468"
Pattern match: "wotlk.blog.tut.by/category/novosti/"
Pattern match: "google.co.il/webhp?hl=i"
Heuristic match: "1
1
winter wings n03189
-
71
v1.0 and 1.1 trainer + 10
.ru"
Pattern match: "files.mail.ru/4mbs99&bu=1"
Pattern match: "uamedia.visti.net/uf"
Pattern match: "vk.com/mega_moscow"
Pattern match: "nokia.com/softwareupdate"
Pattern match: "vitanovaclinic.ru/de/eko/"
Pattern match: "mynew-year.ru/photo"
Pattern match: "www74.ru"
Pattern match: "liveinternet.ru/users/"
Pattern match: "comus.com/ru"
Pattern match: "narod.ru/disk"
Pattern match: "ucoz.ru/index/0-6"
Heuristic match: "?
5 16023
52. .word
tvoi startup.ru"
Pattern match: "youtube.com/watch?v=kkx95li5qaw"
Pattern match: "logitech.com/support/k400"
Pattern match: "vk.com/z0na55"
Heuristic match: "fly ds123 lg a230
a4tech pk-720g windows7
vtypekmyfz c]tvrf
2.4 30v quattro 165 hp1997 - 2001
php
word2tex incl
52.61.2
.-
3g mandriva
win 7 c000021a
8600 gts msi
wolksvagen golf 3
30 crfxfnm
2-
75q irjks nt[ybrjd dd"
Heuristic match: "89163737677
a
undertaker accept islam
vk
www
2.
hc 30 byahfrhfcysq j, juhtdfntkm
wtys yf yjhrjdst ie, s yf erhfbyt
windoctor windows 7
wow 2.3.3 us
tycrfz jlt lf bp rj b
909600
windows xp sp3 serial number
rotator in web
"
Pattern match: "multi-up.com/221170"
Pattern match: "tv-sale.com.ua/vse-dlja"
Heuristic match: "?
wwf raw 2003 pc
6
6
headhunter.kz"
Pattern match: "vkontakte.ru/id100500"
Pattern match: "service.com/ru"
Pattern match: "files.mail.ru/6o7ifn"
Pattern match: "vk.com/id11962803"
Pattern match: "hatewall.ru/tag/87"
Pattern match: "muzofon.com/search/"
Pattern match: "vk.com/robots.txt"
Pattern match: "planeta.moy.su/blod"
Pattern match: "gkifk.ru/microfinans"
Heuristic match: "voque.ru"
Heuristic match: "wolfschanze 2
275 55 19 yokohama g073
mysql
1
7vrx
1 8
dj anton%f
-
239- -
notepad fail
9 - mp3
4djs dj slutkey dj kosinus
4
hankook dynapro hp ra23
cam4.com"
Pattern match: "igi.imax.com.br/advec"
Pattern match: "androidmass.ru/nobalance-mobile"
Pattern match: "server-list.ru/search/l4d2"
Pattern match: "proforientator.ru/tests"
Pattern match: "pfrf.ru/ot"
Pattern match: "vladskv.ru/interesting"
Pattern match: "flib.in/kisya"
Pattern match: "diesel.org/prices"
Pattern match: "vk.com/id14260512"
Heuristic match: "a a
990
3
dil kabaddi - ehsaan mp3
wot v.0.7.2 7
20 1, 8
9902
28
hbh-gv435
canon 7d
wow
hd vidio recorder manual
wow
-
369 9
windows tar
3 1974
15
21099
8 -
2 gi"
Pattern match: "whitebusiness.ru/&bu=1"
Pattern match: "vk.com/id57048925"
Heuristic match: "@ &
1-2
physiospect mk5
c7973a hp
75-36-11
jaguar x-type estate
v ray
take my are away
3636 11
-.
27
007 system
hbckbyu
26
1 ,
united colors benetton
3 + 27
1
windows 7 +
headhunter.kz d fkvfns
"
Pattern match: "dreamsilver.2x2forum.ru/t253-topic"
Pattern match: "1tv.com.ua/uk/news/2011/12/05/12397"
Heuristic match: "33
3d blu-ray
winx 3d
fix for windows 7 3.0.3u
11194
10, 2 sn-1020d
vkontakte.ru"
Pattern match: "vk.com/trap2012"
Pattern match: "www.ru"
Pattern match: "vk.com/id164535540"
Pattern match: "wwwboards.auto.ru/travel"
Pattern match: "vk.com/id140664708"
Heuristic match: "mp3
vse ob oae
my chemical romance + disenchanted + lyrics in deutsch
a ultima versao do google chrome
visual basic
reg organizer 4
wm.beast.kz"
Heuristic match: "345
unseen
wow 1 12 1
1506
pr
windows classic player
firma
3d sony full-hd
disappearance of haruhi suzumiya movie
anikdoti.film.ru"
Heuristic match: "www ru
41659
225 70 r15c .
hercules nocd
-
wolksvagen phaeton 2011
ix
35071
4
d-link airplus dwl-g520 driver xp wpa2
winapi
tette grandi naturali
f-2-c
nokia lumia 800 710
camie ceksualnie zadnisi
5w-40 "
Heuristic match: "??
winder
28-135 usm
.
91 2
word viewer 2010
chiptuning logan 1.5 dci
windows xp +
a want you
windows mobile 6 cab
925
2.
1c enterprise 8.2 8.2.15.301 - error 1311
mp3 vnature
replica amg r19 g
mysql nu"
Pattern match: "vk.com/app1780180"
Pattern match: "vk.com/id122267223"
Heuristic match: "8918386
38 rus
hdmi a ? a
1980 +
tt supra
8-
8ig1000mg manual
pixxx.com"
Pattern match: "vk.kom/app2418075"
Heuristic match: "800, tcgkfnyj
29 07 2008
vk.com"
Pattern match: "vk.com/egor_krut"
Pattern match: "www2.babyusa/ru"
Heuristic match: "readmaniac
1c
349-56-22
5962d9960701tuc
arbyte computers bios
www rambler
pro evolution soccer 6
-9 -8
4855 28-79-76
tululu.ru"
Heuristic match: "utel.tv"
Pattern match: "www1.macys.com"
Pattern match: "izhevsk.ru/forummessage/12"
Pattern match: "mpchat.com/koldunya"
Pattern match: "www3.goldenbank.kiev.ua"
Pattern match: "2000.kyiv.org/biblioteka"
Pattern match: "vk.com/im?sel=89705522"
Pattern match: "beadedworld.com/kak-obvyazat-businu"
Pattern match: "arbaby.ru/shop/group_599"
Pattern match: "vk.com/famous_in"
Heuristic match: "?
firefox setup 3.5.7
10
ufakids@mail.ru"
Pattern match: "vk.com/levanova_alina"
Pattern match: "msnbc.msn.cid/21253084/"
Heuristic match: "202.97.238.205
uzbek kino faryod 1 qism
uc@keysystems.ru"
Pattern match: "sk.fm/wax1k"
Heuristic match: "volkswagen golf ?
vt6102 driver
trud.com"
Pattern match: "vk.com/id14062634"
Heuristic match: "?
uvelir.info"
Pattern match: "uniplay.ru/tag/trailer/page/8"
Pattern match: "317317.ru/raspis"
Pattern match: "my.citynsk.ru/csp/rkc/index.csp"
Heuristic match: "9 - 7_ agp - hotfix_xp32_dd_ccc
5
white trash beautiful 320
.. 10-11 2006
wordpress
54 01 061.66
piko ??
va-dj scope - rnb overdrive 22 bootleg2008
dj alex spark 2011
second life
volvo s80 ?
wold of tanks
flash player v2.1 no"
Pattern match: "mp3-vid.narod.ru/mp3/a/adriano"
Pattern match: "www9.soccerstand.com"
Pattern match: "vk.com/id32358820"
Pattern match: "a.d-cd.net/8887ev/960.jpg"
Pattern match: "msevm.com/main/willem"
Pattern match: "notes.tarakanov.net/cinema.htm"
Pattern match: "vk.com/sprashivai"
Heuristic match: "call of juarez dx10 patch
500
8kra2 drivers
dj loomis-elektro house of life
tti tcb-770
wordpress
8
fokker f70
0-1711094-2 6 . rj-45 lszh, , 2
.
on
mysql
annihilation principle l
anna-camelia@ramble"
Heuristic match: "windows 2003
8909 9028295
3d 2008
beebicenter ru
201
2cosx+1=0
8600
dj
clarion dxz775usb
301 robots.txt
php
www-1000.ru
adsl
.
89653835434
c# this.top"
Pattern match: "radiomaster.com.ua/813"
Pattern match: "ricaud.com/zakaz"
Pattern match: "www366.websoft.ru"
Pattern match: "vacationhomerentals.com/52370"
Pattern match: "vk.com/mail?act=show&id=312"
Pattern match: "msfu.net.ru/download/other/jpg"
Pattern match: "vk.com/video?q="
Heuristic match: "b.bayer
dj bes an influenza
world of tanks
bourjois 16
1 .
3
1 gorodskoi.ru
tyjn pjjvfufpby
a
245/70 r16 / -214
rjyrehc cbybcfkj
uhuhu.ru"
Heuristic match: "windows dvd-rw
teens nude
unsimple studio
vtnjl flfvcf
5 1600w
0063.ru
vista 2003
canadian camper
hangover 2
csb hr 1221wf2
my baby 16915
tycrbq jkjc ghbdtn gjrf
windows 7
hdmi
3 goha
universal-oilspray ?
3s vision"
- source: File/Memory
- relevance: 10/10
Spyware/Information Retrieval
Found a reference to a known community page
- details:
"windows 2003 system_pte_misuse
myspace.com/hellskitchenblues
.
494297545
mr. credo
vista sat internet
tamillar@mail.ru
umts manager 0.4.1
c# getdiskfreespace
24
word 2007
icarly turkce izle 5. bolum
24
applet servlet communication code
a0035464240
vlc.org
25 90
irida-v
75
ut2.spb.ru
vraysun" (Indicator: "myspace")
"?
becky gomez
, , -
1/20
fm 2012 12.1
20
ipad wpa2
msu
823380 .aspx
4 4 mb pdf
hyundai verna
-
74956468634
2
wusley svc - 8000w
14
flash-ka.net
vital diagnostics
flexiblesoft power man
www kompromat ru
uploud center
mykid
rbc
6
isla of man races tt 2012 - record breakers 29.05.2012 itv4hd 720p x264
.
ubuntu
302-6/18
ukfvehyst ltdeirb
divine divinity
5320 3702010
9780511413971
1
a week in paradise delete review
4-
2912pf sl
1 a 66
100 %
noize
hydran m2
8
7979 kqg ibm
8-903-781-44-42
528-12-53
flow ringu
hdd sata 1
windows server 2012
ww.mon.gov.ru
2111-70
by yon bonni banks
5872
flv avi
3g /
50
char to unicode code
c5380
34 buflf eghfdktybz
8 9
user_news
- site=youtube.com
usb serial adapter fcc
831234-82-92, 34-82-61
22
mp3 pink
192.168.0.1 trendnet_432
3d 2012
2g 3g 4g wifi
i" (Indicator: "youtube")
"cadillac catera ?
hardware not supported by firmware cisco
seven-rooms
usb controller chisinau
ujcnbyfz vfhctkm
mp3 +
3d imax 3d avatar
wow +
9120506
75-1-4 8
- bullet for my valentine - hand of blood
1981 16
wolfgang gartner - still my baby
wpa
w master
2 20
plisens
abb
2003
.
1
usb
-
musofon.ru
munich re
advanced photoshop magazine
2414
cannot initialize video compression due virtualdub
rina 33g
amygdalus communis
@.kz 61
tyjtj
wtyf, bktnf yf abyfk kbub xtvgbjyjd
aixa del rosso malpelo
a-95
visa paypal
3 2
dle topnews" (Indicator: "paypal")
"teppich dom?ne
13-16
00 00
14 ? ?? ? ?
1 .
40
cfqn rjycekmndf gjkmib d, htnt
wininet.h download
chillen
vpi/vci 1/40 dhcp
42 .
mt-12864a
200 2012
rc-
7 -
unichel 101010
twitter livejournal
3
5530 5800
45
ms - 6837d
nokian wr 215/40 r17 87v
50 shades of gray movie
centrafuse ipad
hdmi a ? a a
vse-sam.ru" (Indicator: "twitter")
"www alienshooter 2 ru
arena calculator
wpj
heroes of might and magic 3 a
wv fsi
229-30-60
mssql pos string function
mu online
mw2
craft pro warm underpants
twitter
rj 6u wifi
300
tv sanyo lcd" (Indicator: "twitter")
"4216-3708000-51
chip_2012_06_part05_rar
sex
cam 9-18
3g alcatel linux
programa
mp3 2001
twitter" (Indicator: "twitter")
"winrar vip-file
@inverto.tv
wolga 21 limuzin cena
2
dilar kasvushone
vlaman site wasm.ru
-
c std vector
divvokna@yandex.ru
4
3d max
a
hayes-lemmerz 17.5x6.00
tycrfz
7 ?
twitter blackberry
troll trouble fix
2
wowwee
divan paradiis
ableton live hypersonic
helo windows
19.
php+simplexml+" (Indicator: "twitter")
"universitatea aab
2012
radiotehnika s400
bycgtrwbz gj nhele d tkf, eut
teutonia spirit s3 3 1
i follow you into the dark
73948
dima bilan modedesigner fotoshooting
tefal
1
6280.ru
fish
94400, ., .
79248266796
pioneer avh-p3100dvd
5502095f0a
2600
2009
010186
2st1423
20 yanvar2011
world in conflict 1.1.1
dj antoine - pussy baby
buhs j ukflbfnjhf
1 tecdoc
50
2
/
a
vrachi2002@ mail ru
ue40es6307u
2.0.0-2.4.2
91
1 7.7 web
2sc1970-circuits
tdhtb yfwbfyfkbcns
ufptnf
igbt
uspenskaj lubov
twitter symbian" (Indicator: "twitter")
".
m-vetralivejournal
2005
andreea banica could you radio edit youtube
2105290
umi cms
. -
ultra loko
3gp online
487
mp3
%d0%bf%d1%83%d0%bb%d1%8c%d1%82+rc3b
hang ytgh ?" (Indicator: "youtube")
"vladimir @mail.ru, @bk.ru, @rambler.ru
uhegjy abykzylbz
typical gc 0302
20 - lenovo b300a hd+
9mm [hd]
-ls 4*185
2012
c6h5no2
aice-aa
shamil murtazaliev
a mp3
2
vag com ?
workbook 6
93
gps
3300307 ariston
brisk lr15yc-1 super 2114
hazet 4550-14
33-00-92
bcnbyyfz bcnjhbz hecb
iwouldliketoskateinthepark
+
windows 8 midori beta
#u2ed0f8b438s#
wndr4000 pdf
&
vsftpd chown username root
745-08-05
www
world of tanks 2.0
2109 ?
fiska
flash
3 d max
4-2-1
51-35
2
fluence
232
9789881970756
abloy
495 - 287-73-70
1c
43 1945
79651882823
. -
coolpix l23 silver
3707080-10
mysql
75306-2112284
18
10 ?
windows usb +
9136390016
2
word torrent
word 6 0 windows
vlf-250
08
5320-2801301
vtech
ajys youtube
crack bus driver 1 0
60
x2k
, mp3
ubs quotes
hd74ls32p yfpyfxtybt
220 - 12
21 22 23
3-5
1 wmz =
1- . 8
win7
b" (Indicator: "youtube")
"fisher price
hd
centr guf mp3
60- ?
www youtube com
mazda 3
4 5
1 v
cameo" (Indicator: "youtube")
"?
wilo drainlift l 1/15
mt4
3. ,
firefox
.
busta rymes
j, otcndj fyfybvys[ fkrjujkbrjd vjcrdf
5
1880-
400
ukf, jkmyst ghj, ktvs xtkjdtxtcndf
.
424
50 2012
1965
2012 -
%eb%c1%c2%c5%cc%d8+ftp+vector+4x2, + 5+%cb%c1%d4
193.232.245.53
331049
windows
x4 920
icledo
965g ubuntu
vjqrb dscjrjuj ljdktybz d gtnth, ehut
brother dcp-7010r usb
sex lounge music for making love
1895917
alliance studio
win cleaner
ipad2
5000000
20 ,
066 026 48 52
3g
30.10.2006
twitter beeline games
vjlty njrby
450
538 7.1
windows 7
20
8120 ecnfyjdrf
pic18lf2550
4 2012
88
wow 3.3.0a
vray
windows xp pae
fifanet
tekken dark resurrection
wow
wow cataclysm
720 hd" (Indicator: "twitter")
"8
cfvsq kexbq vfhihenbpfnjh
835273 66 01
uflfybz ?
21
3d 5530 5800
mr.skin
nokia c3-00
gpt/alat
4
9
digital ixus 70
wow server
a
dizzy
abbyy finereader 8 djvu
86554 gene lasserre blvd
30 2009 5
2. 234*105
mp5 mw3
2+3
07- dvd-
2*2
404 joomla
33-81-85
36689283
49
904-001l
channels publish
ch3ch2o
bridgestone dueler ht 687 100h
1948
virtualdubmod
203 50
torrent
dvd ria
5nizza
24 2011 youtube
www rabota vk blogspot com
11
siemensamilo pi2540
www?uckuwehue?ru
2108
-
-
ap-np-f970
pit moto
shania twain - from this moment on
flashplayerplugin 2
1 din
mpeg-1 layer 3
tycrjt nfrcb
1826293
scratchbox ubuntu vdso
3d
ua
7say
www nudist
wordpress
www go goru
d-link 620 e173
arkadas siteler
v0vans.74@mail.ru
terex tlb840
8-962-686-56-53
msds perkacit zdmc
kenwood ddx 7015
47 feat. -
3
discovery 4" (Indicator: "youtube")
"ati
cfl d, tkjv wdtnt
3d
uma2rmah ?
ukraine paypal webmoney
vjltkm vfec
cfg.h index
2
c130" (Indicator: "paypal")
"8
usb 360
voicesep
nissan x-terra
c# draganddrop datagridview
firmware samsung ml-2010
5-
ms word
11 ? 64
alisa madness returns youtube
big city gmod
18
multicommerce ltd
3d inventor
windows7 64 rus
tu perearstikeskus
sector 2g15-120
2
hdri vray
disney games princess
gps gps bluetooth qtek s110
windermere 98110
windows 7 delphi
windows crak
bosch s6 agm hightec 6 -55
silver efex pro 2 serial number windows
mp-654k ?
21 1988
amadeus film
8 .
semisonic secret smile
www ptcruiserciud.ru
vnd cvjnhtnm
91 01 91
24.09.2012 2
978-5-353-05924-0
vt, tkm, tkujhjl 'rcgthn
500 illegal port range rejected. ftp bind address already in use
2
5320 2402034
5
1n5216
readius pocket ereader price
4
,
div centre div
dj vadim milwaukee mp3
5
,
18 70
www
3000
flash player 2008
animated widget pro
391 --
muzikine" (Indicator: "youtube")
"?
flash- mario
1 19
volkl - fastec classic wms
hbceyjr, fpjdst 'ktvtyns njdfhyjq cnhfntubb
twitter
a
msi 990fxa-gd80 gtx 580 crossfire
fpg, kzlm
mp3
2.
3d photoshop psd
[jhjibq ubytrjkju d rfkeut
fire + and water
bpujnjdktybt htrkfvyjuj velekz
playboy ultimate
30 10 11
flash
siemens cat
golden media 990
wow
.
175 65 r14
pioneer keh-2650" (Indicator: "twitter")
"sikalatex
1
3d mathcad youtube
5 volvo
3240024
-15 1500
27
863545-30-10
djlyst xthtgf b
hensel
2008
ms-dos autoexec.bat $e
1 4.2 7.70.431
pintzgauer
amw
gps
call of juarez the cartel" (Indicator: "youtube")
"18 and life skid row
folder guard 5.4
world of tanks 3
21074
32
3
death note
42 ah fiamm fg 24204
5
1kanal rtr
ujcnbyvwf, fcnbjy
-40 g34-91 carboxyl . / 5 .
95 8
- -
qip
usb
wn62
275/60/20 michelin
volvo s70
pitts shebib
widescreen
burro means
vj yj kb ltnzv cltkfnm ak.hjuhfab
24-7-365.ru
59
twitter-" (Indicator: "twitter")
"? a
234151 va
twitter max
a2dp e61
nokia +
word 2007 portable
509-29-95
fokc
rbk credit
wog 3.5
pic mmc
50-
mp3
abloy - lc204
hash function strings
.
promocod grosvenor poker
-
c106m
3
20
ts-wx20lpa ?
798
c
hdd 4
921128
95 11.02.2012
3d youtube
2130usbreg
75 20
c170 ?
windows phaser 3110
dj groove
hello kitt?" (Indicator: "twitter")
". 06
2012
50 gruzinskix
21
8 342 2571758
twitter tallinksilja.com
x7
-" (Indicator: "twitter") - source
- File/Memory
- relevance
- 7/10
-
-
Unusual Characteristics
-
Installs hooks/patches the running process
- details
-
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x75901064" (part of module "IMM32.DLL")
"iexplore.exe" wrote bytes "60d22a6f" to virtual address "0x75B31D7C" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x753617CC" (part of module "ADVAPI32.DLL")
"iexplore.exe" wrote bytes "60d22a6f" to virtual address "0x76A413B8" (part of module "SHLWAPI.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x74571038" (part of module "VERSION.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x6C11F6A0" (part of module "IEFRAME.DLL")
"iexplore.exe" wrote bytes "8032c1007032c1000032c1006032c1005032c1004032c1003032c100000000002cc9c375c021c100000000009017c1005023c1000018c100601fc1002036c100000000004036c10000000000" to virtual address "0x00C18000" (part of module "IEXPLORE.EXE")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x73C61250" (part of module "UXTHEME.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x75921144" (part of module "LPK.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x75901210" (part of module "IMM32.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x772D11BC" (part of module "GDI32.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x76AA1298" (part of module "MSCTF.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x7561B0CC" (part of module "IERTUTIL.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x73C6139C" (part of module "UXTHEME.DLL")
"iexplore.exe" wrote bytes "60cd2a6f" to virtual address "0x75B31E14" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "c03a276f" to virtual address "0x75B31FB0" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x76A411B8" (part of module "SHLWAPI.DLL")
"iexplore.exe" wrote bytes "70cc2a6f" to virtual address "0x76A41310" (part of module "SHLWAPI.DLL")
"iexplore.exe" wrote bytes "3030276f" to virtual address "0x6C11FE90" (part of module "IEFRAME.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x76A4131C" (part of module "SHLWAPI.DLL") - source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179 (Show technique in the MITRE ATT&CK™ matrix)
-
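Decoding the hook-detection evidence above. The Python below is an added example written for this page, not output or code from Hybrid Analysis. It parses the 20 hook lines copied verbatim from the report, decodes each written value as an x86 little-endian DWORD (the sandbox prints bytes in memory order, so "a035276f" is the pointer 0x6F2735A0, not 0xA035276F) and groups the results by module. Nineteen of the twenty writes are single 4-byte values, and every one of them points into the same 64 KiB-aligned window 0x6F270000-0x6F2B0000, i.e. into one module that the report does not name; the 76-byte write at 0x00C18000 is a table of pointers into IEXPLORE.EXE's own image. The only assumptions are the 64 KiB rounding (Windows allocation granularity, so module bases fall on such boundaries) and the copied lines themselves. Since the sample is an HTML document opened in iexplore.exe with no network activity, the report alone cannot settle whether the patched slots belong to the sample, to the browser's own shims, or to the sandbox's instrumentation; confirm which module was mapped at that range before treating the hooks as the sample's behaviour. (T1179 "Hooking" was the current ATT&CK ID when this report was generated; it has since been deprecated in favour of T1056.004.)

```python
import re
import struct
from collections import defaultdict

# The 20 "Hook Detection" lines from this report, copied verbatim so the
# decoder runs offline against the real data.
HOOK_LINES = r'''
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x75901064" (part of module "IMM32.DLL")
"iexplore.exe" wrote bytes "60d22a6f" to virtual address "0x75B31D7C" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x753617CC" (part of module "ADVAPI32.DLL")
"iexplore.exe" wrote bytes "60d22a6f" to virtual address "0x76A413B8" (part of module "SHLWAPI.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x74571038" (part of module "VERSION.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x6C11F6A0" (part of module "IEFRAME.DLL")
"iexplore.exe" wrote bytes "8032c1007032c1000032c1006032c1005032c1004032c1003032c100000000002cc9c375c021c100000000009017c1005023c1000018c100601fc1002036c100000000004036c10000000000" to virtual address "0x00C18000" (part of module "IEXPLORE.EXE")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x73C61250" (part of module "UXTHEME.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x75921144" (part of module "LPK.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x75901210" (part of module "IMM32.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x772D11BC" (part of module "GDI32.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x76AA1298" (part of module "MSCTF.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x7561B0CC" (part of module "IERTUTIL.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x73C6139C" (part of module "UXTHEME.DLL")
"iexplore.exe" wrote bytes "60cd2a6f" to virtual address "0x75B31E14" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "c03a276f" to virtual address "0x75B31FB0" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "b033276f" to virtual address "0x76A411B8" (part of module "SHLWAPI.DLL")
"iexplore.exe" wrote bytes "70cc2a6f" to virtual address "0x76A41310" (part of module "SHLWAPI.DLL")
"iexplore.exe" wrote bytes "3030276f" to virtual address "0x6C11FE90" (part of module "IEFRAME.DLL")
"iexplore.exe" wrote bytes "a035276f" to virtual address "0x76A4131C" (part of module "SHLWAPI.DLL")
'''

# One report line: "<process>" wrote bytes "<hex>" to virtual address "<addr>" (part of module "<module>")
LINE_RE = re.compile(
    r'"(?P<process>[^"]+)" wrote bytes "(?P<hex>[0-9a-fA-F]+)"'
    r' to virtual address "(?P<addr>0x[0-9A-Fa-f]+)"'
    r' \(part of module "(?P<module>[^"]+)"\)'
)


def parse_hook_line(line):
    """Return a dict for one hook line, or None if the line is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "process": m["process"],
        "module": m["module"],
        "address": int(m["addr"], 16),   # the patched slot inside the module
        "data": bytes.fromhex(m["hex"]),  # bytes in memory order
    }


def decode_dwords(data):
    """Interpret written bytes as 32-bit little-endian values (x86 pointers).

    Returns [] when the length is not a multiple of 4, so callers can tell a
    pointer-sized patch from an arbitrary byte blob.
    """
    if not data or len(data) % 4:
        return []
    return list(struct.unpack("<%dI" % (len(data) // 4), data))


def summarize(text):
    """Parse every hook line in `text`.

    Returns (records, pointer_writes, by_module): pointer_writes holds one
    (module, slot, value) per single-DWORD write; by_module counts those
    patched slots per module. Multi-DWORD blobs stay in records only.
    """
    records = [r for r in (parse_hook_line(l) for l in text.splitlines()) if r]
    pointer_writes = []
    by_module = defaultdict(int)
    for r in records:
        values = decode_dwords(r["data"])
        if len(values) == 1:
            pointer_writes.append((r["module"], r["address"], values[0]))
            by_module[r["module"]] += 1
    return records, pointer_writes, dict(by_module)


def distinct_targets(pointer_writes):
    """Sorted list of distinct addresses the patched slots now point to."""
    return sorted({value for _, _, value in pointer_writes})


def common_target_range(pointer_writes, granularity=0x10000):
    """Bounding window of all written pointers, rounded out to `granularity`.

    64 KiB is the Windows allocation granularity (assumption: module bases sit
    on such boundaries), so the window approximates the image that owns the
    hook handlers. Returns None when there are no pointer writes.
    """
    if not pointer_writes:
        return None
    values = [v for _, _, v in pointer_writes]
    lo = min(values) & ~(granularity - 1)
    hi = (max(values) + granularity - 1) & ~(granularity - 1)
    return lo, hi


if __name__ == "__main__":
    records, pointer_writes, by_module = summarize(HOOK_LINES)
    print("%d hook lines, %d single-pointer writes" % (len(records), len(pointer_writes)))
    for module, count in sorted(by_module.items()):
        print("  %-14s %d patched slot(s)" % (module, count))
    lo, hi = common_target_range(pointer_writes)
    print("all written pointers fall in 0x%08X-0x%08X" % (lo, hi))
    print("distinct handler addresses:", ["0x%08X" % v for v in distinct_targets(pointer_writes)])
    for r in records:
        if len(decode_dwords(r["data"])) > 1:
            print("blob at 0x%08X in %s: %d DWORDs, e.g. 0x%08X" % (
                r["address"], r["module"], len(decode_dwords(r["data"])), decode_dwords(r["data"])[0]))
```

Run as-is it reports the per-module slot counts, the 0x6F270000-0x6F2B0000 window shared by all nineteen pointer writes and the seven distinct handler addresses they resolve to; feeding it the hook lines from another report needs no change beyond replacing HOOK_LINES.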
File Details
bd.bin
- Filename
- bd.bin
- Size
- 1.6MiB (1721078 bytes)
- Type
- html
- Description
- HTML document, Non-ISO extended-ASCII text, with CRLF, NEL line terminators
- Architecture
- WINDOWS
- SHA256
- cffd66605b6f498828c3ffa84b15a2113f2983c7c6ef522c7b6c097e32d985f9
- MD5
- 1fd212ce18a99c7d35a29f228ac717c5
- SHA1
- 5bad8a0180de609077425bde9c5e0b3cb3da4e28
- ssdeep
- 12288:tbOmLDXF/ra08DKmeHwi60v0+f9UIEXYpYIzgotxIzgDFiDtCUqSEA2HHQw3dUCg:tbOYFupWQ6fU35gL5/41z
Hybrid Analysis
Analysed 2 processes in total.
-
iexplore.exe
C:\cffd66605b6f498828c3ffa84b15a2113f2983c7c6ef522c7b6c097e32d985f9.html
(PID: 4592)
- iexplore.exe SCODEF:4592 CREDAT:275457 /prefetch:2 (PID: 4656)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
Displaying 20 extracted file(s). The remaining 6 file(s) are available in the full version and XML/JSON reports.
-
Clean 1
-
-
urlblockindex_1_.bin
- Size
- 16B (16 bytes)
- Type
- data
- AV Scan Result
- 0/71
- MD5
- fa518e3dfae8ca3a0e495460fd60c791
- SHA1
- e4f30e49120657d37267c0162fd4a08934800c69
- SHA256
- 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
-
-
Informative Selection 1
-
-
en-US.2
- Size
- 18KiB (18176 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- 5a34cb996293fde2cb7a4ac89587393a
- SHA1
- 3c96c993500690d1a77873cd62bc639b3a10653f
- SHA256
- c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
-
-
Informative 18
-
-
9IYJN31J.txt
- Size
- 279B (279 bytes)
- Runtime Process
- iexplore.exe (PID: 4656)
- MD5
- 6c5c52a1ef1bd86d84d27b5716d966bf
- SHA1
- 5b1272d89c6ace62b6e78d1fe45b79c45e5640d5
- SHA256
- e0b0196f0db2fc661c39c1b9d759136acb7093b78512edac267aa51fd0356cdd
-
H9C23CXK.txt
- Size
- 154B (154 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 4656)
- MD5
- 2a644d04473faff925680afd866239a3
- SHA1
- fcc61835bb3e37fcb3f9b7efdeb9bc1c6ddcdaf8
- SHA256
- 403ee5e5b6a36e7a7d57511b9b463a1136c2455e801194cb4f2e41e9469d29ec
-
IO64Y6BH.txt
- Size
- 77B (77 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- 2f71552c7315eb8f2220065b60257289
- SHA1
- 3cb9fe36993558c8e56c32bb168cd4257682a104
- SHA256
- 4eae153e5cd13798da6d25c5c0128d2f2d08b70d78355aa30ddb51842b156657
-
SMTNEXOX.txt
- Size
- 63B (63 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- 1fed7fa1b7e58b352f0c07c7f588e58c
- SHA1
- ffc1bf180a9d4b643bd7c0571c15144fd82b197b
- SHA256
- a2d947a52223a1989063a30e1e23e365955f9a9d93adc5b7952604764e97ebbf
-
X0EEI3TW.txt
- Size
- 197B (197 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- b802bb1df8d7db6ddafd70e376cdcbe0
- SHA1
- 0c1d76baf3286ca728c1644c88239002fdb2890b
- SHA256
- dcc7ed648da0c44aa1632908be72485aac675094995cc2e3d4f3bfe05f1e94f7
-
verA082.tmp
- Size
- 15KiB (15845 bytes)
- Type
- text
- Description
- XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- 095c72688de7d90e6526dc0d8878f3f6
- SHA1
- a1cae182fb7e86c74fb5467c0014b2a27472be37
- SHA256
- 8684403da59628039e9b4b0d245c5b7e1fac1242a087ded44eaf3b792e4a231e
-
6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04
- Size
- 434B (434 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- f2c7f1c76914446c839517c28d5377d9
- SHA1
- 2b252b30e76f8a797ab2a2d3fd64252b1a7245b0
- SHA256
- e4c0c60fa72013f17f81f3a1d1787ab53714a9dc8878daaf4c249b54761e420f
-
6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
- Size
- 1.5KiB (1507 bytes)
- Runtime Process
- iexplore.exe (PID: 4656)
- MD5
- f4e30b74ab7dbf5f8f0d59ff703dcb04
- SHA1
- 3644401e2b7c3469ae9f2c10e20cea7cb219e5f0
- SHA256
- 320b3ff235eac45d1aab8423096bc0000a61c804367bf2ad9c10ac8b78475665
-
JavaDeployReg.log
- Size
- 38KiB (38952 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- iexplore.exe (PID: 4656)
- MD5
- 1c91d11801c76bf35b0cce0d5703166d
- SHA1
- a93e1a21c1cc38547b7954a42a875eb64a6cb09d
- SHA256
- 9efb86e6fc783a1ce7c7d78eb82d4f9a0409fca4da0cc0f49dbd86470b90af4d
-
~DF636AB71CC9650AFB.TMP
- Size
- 16KiB (16384 bytes)
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- 5e2ead5c3e330609fd8216985272c26f
- SHA1
- 32d826d21db9d0fe727243ac3af2094b5726073a
- SHA256
- 696ac7ed37a22d8adb11ae23e983c629cb21c7ba621ed0f15623459aa7da0339
-
~DF66C2EF25A4B1E051.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- 1ff90e541055f108b041e418f39fa4af
- SHA1
- e6515e2b5123f18220c879550175685d68fc0f07
- SHA256
- c3fc5d5ef660d77e06ed3377e9eede110a8b869704400061c3e6f580b310dde8
-
~DF7EC08D7466627309.TMP
- Size
- 16KiB (16384 bytes)
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- 804470698438a6b0cf1c0a2c60bee296
- SHA1
- c120263f23fc0c0cd6cd43ceda6f7b20da1e44dd
- SHA256
- 7b0809e9e7e2788d0d686683b8255b2e8ee876949fdcedb930d589e999b23093
-
~DFCA5E0BA875A7B5FC.TMP
- Size
- 16KiB (16384 bytes)
- Runtime Process
- iexplore.exe (PID: 4592)
- MD5
- 558f5494ed5b5a6ab7fa47ec9350cc23
- SHA1
- 3a1e4257ef599ad5b0be9d2ea52017af785d8e2c
- SHA256
- 52832d34d497a26634b6fbd8b844c38402fef0e8bc832b2b6a471782333d4763
-
RecoveryStore._25998093-5EA2-11EA-9662-0A0027F770FD_.dat
- Size
- 5.5KiB (5632 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- 24ce050d1f0fc352792717aaccdd703c
- SHA1
- 8923d9094d53ee9a78dc2ed3060472beeb3507d7
- SHA256
- bc9547df4cfe1c77b6d04f44ba1bd9ef071eab0b278346873e7b59746fe5b2d4
-
suggestions_1_.en-US
- Size
- 18KiB (18176 bytes)
- Type
- data
- MD5
- 5a34cb996293fde2cb7a4ac89587393a
- SHA1
- 3c96c993500690d1a77873cd62bc639b3a10653f
- SHA256
- c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
-
favicon_2_.ico
- Size
- 237B (237 bytes)
- Type
- img image
- Description
- PNG image data, 16 x 16, 4-bit colormap, non-interlaced
- MD5
- 9fb559a691078558e77d6848202f6541
- SHA1
- ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
- SHA256
- 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
-
_25998095-5EA2-11EA-9662-0A0027F770FD_.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- a3e164ced4dc3b27f8a452c5159943e8
- SHA1
- 04b97cfdb9a812dc12ef1bce8d8b923244925ff0
- SHA256
- c578e72f817a8d287bf08fa540f5a1462e1e115e1c6abf3067272568c781996b
-
search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico
- Size
- 237B (237 bytes)
- Type
- img image
- Description
- PNG image data, 16 x 16, 4-bit colormap, non-interlaced
- MD5
- 9fb559a691078558e77d6848202f6541
- SHA1
- ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
- SHA256
- 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
-
Notifications
-
Runtime
- Network whitenoise filtering (Process) was applied
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "string-0" are available in the report
- Not all sources for indicator ID "string-1" are available in the report
- Not all sources for indicator ID "string-10" are available in the report
- Not all sources for indicator ID "string-24" are available in the report
- Not all sources for indicator ID "string-63" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)
- Some low-level data is hidden, as this is only a slim report
Community
- sahil saifi5969 commented 5 years ago
- alexa commented 4 years ago
- Warren123 commented 3 years ago
- professionalitguy commented 3 years ago
- pizzamoney commented 2 years ago
- sami commented 1 year ago