Report generated with Buster Sandbox Analyzer 1.88 at 21:23:40 on 10/12/2017

[ General information ]
* File name: C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe
* Process crashed

[ Changes to filesystem ]
* Creates file (empty) C:\WINDOWS\system32\Alaelib.dll
* Modifies file C:\Documents and Settings\Administrator\Cookies\index.dat
* Modifies file C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
* Modifies file C:\Documents and Settings\Administrator\Local Settings\Temporary Intenet Files\Content.IE5\index.dat
* Modifies file C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\savedata

[ Changes to registry ]
* Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket old value empty
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value 
"ITBarLayout=110000004C00000000000000240000001B000000560000000100000020070000A00F00000500000062050000260000000200000021070000A00F00000400000021010000A00F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Intenet Explorer\Toolbar\Explorer * Modifies value "iWindowPosX=00000051" in key HKEY_CURRENT_USER\software\Microsoft\Notepad old value "iWindowPosX=00000003" * Modifies value "iWindowPosY=00000070" in key HKEY_CURRENT_USER\software\Microsoft\Notepad old value "iWindowPosY=00000078" * Modifies value "HRZR_EHACNGU=05000000990000000066DE6E2D72D301" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count old value "HRZR_EHACNGU=05000000A5000000F0D93F9B8B72D301" * Creates value "FbavpFNTR.rkr=05000000080000000066DE6E2D72D301" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Fnaqobk\Nqzvavfgengbe\QrsnhygObk\hfre\pheerag\Zl 
Qbphzragf\Qbjaybnqf\TngureOnggyr_Svany
* Creates Registry key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Intenet Settings\5.0\Cache\Extensible Cache\MSHist012017121020171211
* Modifies value "WinPos1024x768(1).left=00000159" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell old value "WinPos1024x768(1).left=00000176"
* Modifies value "WinPos1024x768(1).top=0000001D" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell old value "WinPos1024x768(1).top=0000003A"
* Modifies value "WinPos1024x768(1).right=000003B1" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell old value "WinPos1024x768(1).right=000003CE"
* Modifies value "WinPos1024x768(1).bottom=000001B1" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell old value "WinPos1024x768(1).bottom=000001CE"
* Modifies value "WinPos1024x768(1).left=0000007B" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell old value "WinPos1024x768(1).left=00000084"
* Modifies value "WinPos1024x768(1).top=0000005B" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell old value "WinPos1024x768(1).top=0000008A"
* Modifies value "WinPos1024x768(1).right=0000039B" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell old value "WinPos1024x768(1).right=000003A4"
* Modifies value "WinPos1024x768(1).bottom=000002B3" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell old value "WinPos1024x768(1).bottom=000002E2"
* Modifies value "ColInfo=00000000000000000000000000000000FDDFDFFD0F0006002800100034004800000000000100000002000000030000000400000005000000B400600078007800B400B40000000000010000000200000003000000FFFFFFFF000000000000000000000000000000000000000000000000000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell old value "ColInfo=00000000000000000000000000000000FDDFDFFD0F0000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000"
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec

[ Network services ]
* Looks for an Intenet connection.
* C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe Connects to "141.138.200.249" on port 80 (TCP - HTTP).
* C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe Connects to "38.108.185.79" on port 443 (TCP - HTTPS).
* C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe Connects to "172.217.4.83" on port 80 (TCP - HTTP).
* C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe Connects to "192.168.239.133" on port 4295 (TCP - HTTPS).
* Downloads file from "whatsmyip.net/".
* Downloads file from "www.sonicbattle.ga/".
* Opens next URLs:
  http://whatsmyip.net/
  https://od.lk/s/117124254_OnAttackSonic
  http://www.sonicbattle.ga

[ Process/window/string information ]
* Gets user name information.
* Gets computer name.
* Checks for debuggers.
* Creates a mutex "DirectSound DllMain mutex (0x000007A8)".
* Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-484763869-630328440-725345543-500MUTEX.DefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "Local\_!MSFTHISTORY!_".
* Creates a mutex "Local\c:!documents and settings!administrator!local settings!temporary intenet files!content.ie5!".
* Creates a mutex "Local\c:!documents and settings!administrator!cookies!".
* Creates a mutex "Local\c:!documents and settings!administrator!local settings!history!history.ie5!".
* Creates a mutex "RasPbFile".
* Lists all entry names in a remote access phone book.
* Opens a service named "RASMAN".
* Opens a service named "Sens".
* Creates a mutex "Local\ZonesCounterMutex".
* Creates a mutex "Local\!IETld!Mutex".
* Creates a mutex "Local\ZoneAttributeCacheCounterMutex".
* Creates a mutex "Local\ZonesCacheCounterMutex".
* Creates a mutex "Local\ZonesLockedCacheCounterMutex".
* Creates a mutex "Local\c:!documents and settings!administrator!ietldcache!".
* Creates a mutex "DDrawWindowListMutex".
* Creates a mutex "__DDrawExclMode__".
* Creates a mutex "__DDrawCheckExclMode__".
* Enumerates running processes.
* Creates process "null, C:\WINDOWS\system32\dwwin.exe -x -s 1252, C:\WINDOWS\system32".
* Contains string Checked for AVG security software presence ("AVGW")