 Report generated with Buster Sandbox Analyzer 1.88 at 21:23:40 on 10/12/2017

 [ General information ]
   * File name: C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe
   * Process crashed

 [ Changes to filesystem ]
   * Creates file (empty) C:\WINDOWS\system32\Alaelib.dll
   * Modifies file C:\Documents and Settings\Administrator\Cookies\index.dat
   * Modifies file C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
   * Modifies file C:\Documents and Settings\Administrator\Local Settings\Temporary Intenet Files\Content.IE5\index.dat
   * Modifies file C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\savedata

 [ Changes to registry ]
   * Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
          old value empty
   * Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
   * Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
   * Creates value "ITBarLayout=110000004C00000000000000240000001B000000560000000100000020070000A00F00000500000062050000260000000200000021070000A00F00000400000021010000A00F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Intenet Explorer\Toolbar\Explorer
   * Modifies value "iWindowPosX=00000051" in key HKEY_CURRENT_USER\software\Microsoft\Notepad
          old value "iWindowPosX=00000003"
   * Modifies value "iWindowPosY=00000070" in key HKEY_CURRENT_USER\software\Microsoft\Notepad
          old value "iWindowPosY=00000078"
   * Modifies value "HRZR_EHACNGU=05000000990000000066DE6E2D72D301" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
          old value "HRZR_EHACNGU=05000000A5000000F0D93F9B8B72D301"
   * Creates value "FbavpFNTR.rkr=05000000080000000066DE6E2D72D301" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Fnaqobk\Nqzvavfgengbe\QrsnhygObk\hfre\pheerag\Zl Qbphzragf\Qbjaybnqf\TngureOnggyr_Svany
   * Creates Registry key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Intenet Settings\5.0\Cache\Extensible Cache\MSHist012017121020171211
   * Modifies value "WinPos1024x768(1).left=00000159" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell
          old value "WinPos1024x768(1).left=00000176"
   * Modifies value "WinPos1024x768(1).top=0000001D" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell
          old value "WinPos1024x768(1).top=0000003A"
   * Modifies value "WinPos1024x768(1).right=000003B1" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell
          old value "WinPos1024x768(1).right=000003CE"
   * Modifies value "WinPos1024x768(1).bottom=000001B1" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell
          old value "WinPos1024x768(1).bottom=000001CE"
   * Modifies value "WinPos1024x768(1).left=0000007B" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell
          old value "WinPos1024x768(1).left=00000084"
   * Modifies value "WinPos1024x768(1).top=0000005B" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell
          old value "WinPos1024x768(1).top=0000008A"
   * Modifies value "WinPos1024x768(1).right=0000039B" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell
          old value "WinPos1024x768(1).right=000003A4"
   * Modifies value "WinPos1024x768(1).bottom=000002B3" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell
          old value "WinPos1024x768(1).bottom=000002E2"
   * Modifies value "ColInfo=00000000000000000000000000000000FDDFDFFD0F0006002800100034004800000000000100000002000000030000000400000005000000B400600078007800B400B40000000000010000000200000003000000FFFFFFFF000000000000000000000000000000000000000000000000000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\ShellNoRoam\Bags\72\Shell
          old value "ColInfo=00000000000000000000000000000000FDDFDFFD0F0000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000"
   * Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec

 [ Network services ]
   * Looks for an Intenet connection.
   * Queries DNS "whatsmyip.net".
   * Queries DNS "od.lk".
   * Queries DNS "www.sonicbattle.ga".
   * Queries DNS "play.google.com".
   * Queries DNS "play.l.google.com".
   * Queries DNS "tiles.services.mozilla.com".
   * Queries DNS "tiles.r53-2.services.mozilla.com".
   * Queries DNS "www.pastebin.com".
   * Queries DNS "pastebin.com".
   * Queries DNS "pub.freestar.io".
   * Queries DNS "cdn.carbonads.com".
   * Queries DNS "tags.expo9.exponential.com".
   * Queries DNS "cdn.fancybar.net".
   * Queries DNS "carbonads.bsa.netdna-cdn.com".
   * Queries DNS "www.google-analytics.com".
   * Queries DNS "fancybar.bsa.netdna-cdn.com".
   * Queries DNS "stats.g.doubleclick.net".
   * Queries DNS "tags.expo9.exponential.com.akadns.net".
   * Queries DNS "secure.quantserve.com".
   * Queries DNS "www-google-analytics.l.google.com".
   * Queries DNS "sb.scorecardresearch.com".
   * Queries DNS "stats.l.doubleclick.net".
   * Queries DNS "ocsp.comodoca.com".
   * Queries DNS "px-chg004.quantserve.com.akadns.net".
   * Queries DNS "e1879.e7.akamaiedge.net".
   * Queries DNS "ocsp.godaddy.com".
   * Queries DNS "rules.quantcount.com".
   * Queries DNS "ocsp.godaddy.com.akadns.net".
   * Queries DNS "d2fashanjl7d9f.cloudfront.net".
   * Queries DNS "s.tribalfusion.com".
   * Queries DNS "a-scl1.tribalfusion.com.akadns.net".
   * Queries DNS "pixel.quantserve.com".
   * Queries DNS "srv.carbonads.net".
   * Queries DNS "srv.buysellads.com".
   * Queries DNS "assets.servedby-buysellads.com".
   * Queries DNS "servedby.flashtalking.com".
   * Queries DNS "vip0x013.map2.ssl.hwcdn.net".
   * Queries DNS "proassets.bsa.netdna-cdn.com".
   * Queries DNS "cdnx.tribalfusion.com".
   * Queries DNS "www.googletagservices.com".
   * Queries DNS "e10524.g.akamaiedge.net".
   * Queries DNS "pixel.adsafeprotected.com".
   * Queries DNS "pagead46.l.doubleclick.net".
   * Queries DNS "anycast.pixel.adsafeprotected.com".
   * Queries DNS "ss.symcd.com".
   * Queries DNS "e8218.dscb1.akamaiedge.net".
   * Queries DNS "ad.doubleclick.net".
   * Queries DNS "dart.l.doubleclick.net".
   * Queries DNS "pagead2.googlesyndication.com".
   * Queries DNS "tpc.googlesyndication.com".
   * Queries DNS "pagead-googlehosted.l.google.com".
   * Queries DNS "sc.iasds01.com".
   * Queries DNS "dt.adsafeprotected.com".
   * Queries DNS "anycast.sc.iasds01.com".
   * Queries DNS "s0.2mdn.net".
   * Queries DNS "s0-2mdn-net.l.google.com".
   * Queries DNS "anycast.dt.adsafeprotected.com".
   * Queries DNS "cdn.krxd.net".
   * Queries DNS "googleads4.g.doubleclick.net".
   * Queries DNS "cdn-fastly.krxd.net.c.global-ssl.fastly.net".
   * Queries DNS "pagead.l.doubleclick.net".
   * Queries DNS "static.adsafeprotected.com".
   * Queries DNS "anycast.static.adsafeprotected.com".
   * Queries DNS "cdnjs.cloudflare.com".
   * Queries DNS "a.tribalfusion.com".
   * Queries DNS "ajax.googleapis.com".
   * Queries DNS "us-u.openx.net".
   * Queries DNS "googleapis.l.google.com".
   * Queries DNS "geo-um.btrll.com".
   * Queries DNS "simage2.pubmatic.com".
   * Queries DNS "pug33000n.pubmatic.com".
   * Queries DNS "pixel.rubiconproject.com".
   * Queries DNS "dpm.demdex.net".
   * Queries DNS "ums.adtechus.com".
   * Queries DNS "pixel.rubiconproject.net.akadns.net".
   * Queries DNS "dcs-edge-usw2-620097651.us-west-2.elb.amazonaws.com".
   * Queries DNS "dsum-sec.casalemedia.com".
   * Queries DNS "ib.adnxs.com".
   * Queries DNS "sync.adaptv.advertising.com".
   * Queries DNS "ads.stickyadstv.com".
   * Queries DNS "cm.g.doubleclick.net".
   * Queries DNS "pixel.advertising.com".
   * Queries DNS "e8037.g.akamaiedge.net".
   * Queries DNS "sync.search.spotxchange.com".
   * Queries DNS "cs939.wac.thetacdn.net".
   * Queries DNS "log-b-1270450396.us-west-1.elb.amazonaws.com".
   * Queries DNS "ib.anycast.adnxs.com".
   * Queries DNS "dmp-pixel.aolp-prd.public.aol.com".
   * Queries DNS "fonts.googleapis.com".
   * Queries DNS "cache.btrll.com".
   * Queries DNS "fp4.ads.stickyadstv.com.akadns.net".
   * Queries DNS "beacon.krxd.net".
   * Queries DNS "den01.sync.search.spotxchange.com".
   * Queries DNS "googleadapis.l.google.com".
   * Queries DNS "d1ibts9hn2apvm.cloudfront.net".
   * Queries DNS "beacon-17-537698933.us-east-1.elb.amazonaws.com".
   * Queries DNS "torque.admission.net".
   * Queries DNS "d14eam6yhxudjw.cloudfront.net".
   * Queries DNS "da.admission.net".
   * Queries DNS "combined-x-prod-1727023841.us-west-1.elb.amazonaws.com".
   * Queries DNS "ocsp.sca1b.amazontrust.com".
   * Queries DNS "cdn.admission.net".
   * Queries DNS "d2vbol2ne6iyzw.cloudfront.net".
   * Queries DNS "dt.admission.net".
   * Queries DNS "traffic.prod.cobaltgroup.com".
   * Queries DNS "nginxi-ext-las-prd.cdk.com".
   * Queries DNS "ocsp.digicert.com".
   * Queries DNS "cs9.wac.phicdn.net".
   * Queries DNS "z.moatads.com".
   * Queries DNS "e13136.g.akamaiedge.net".
   * Queries DNS "shavar.services.mozilla.com".
   * Queries DNS "shavar.prod.mozaws.net".
   * Queries DNS "px.moatads.com".
   * Queries DNS "safebrowsing.google.com".
   * Queries DNS "sb.l.google.com".
   * Queries DNS "safebrowsing-cache.google.com".
   * Queries DNS "safebrowsing.cache.l.google.com".
   * Queries DNS "web.opendrive.com".
   * Queries DNS "cs924.wac.thetacdn.net".
   * Queries DNS "log-c-2144142094.us-west-1.elb.amazonaws.com".
   * Queries DNS "www.microsoft.com".
   * Queries DNS "home.microsoft.com".
   * Queries DNS "www.msn.com".
   * Queries DNS "c.msn.com".
   * Queries DNS "otf.msn.com".
   * Queries DNS "at.atwola.com".
   * Queries DNS "static-global-s-msn-com.akamaized.net".
   * Queries DNS "c.bing.com".
   * Queries DNS "m.adnxs.com".
   * Queries DNS "ads-us.pictela.net".
   * Queries DNS "sp.analytics.yahoo.com".
   * Queries DNS "nym1-ib.adnxs.com".
   * Queries DNS "cdn.adnxs.com".
   * Queries DNS "static.onlinesyn.com".
   * Queries DNS "g.bing.com".
   * Queries DNS "static.chartbeat.com".
   * Queries DNS "www.bizographics.com".
   * Queries DNS "us-east-1.dc.ads.linkedin.com".
   * Queries DNS "ping.chartbeat.net".
   * Queries DNS "secure.adnxs.com".
   * Queries DNS "www.linkedin.com".
   * Queries DNS "dc.ads.linkedin.com".
   * Queries DNS "www.opendrive.com".
   * C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe Connects to "141.138.200.249" on port 80 (TCP - HTTP).
   * C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe Connects to "38.108.185.79" on port 443 (TCP - HTTPS).
   * C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe Connects to "172.217.4.83" on port 80 (TCP - HTTP).
   * C:\Documents and Settings\Administrator\My Documents\Downloads\GatherBattle_Final\SonicSAGE.exe Connects to "192.168.239.133" on port 4295 (TCP - HTTPS).
   * Downloads file from "whatsmyip.net/".
   * Downloads file from "www.sonicbattle.ga/".
   * Opens next URLs:
     http://whatsmyip.net/
     https://od.lk/s/117124254_OnAttackSonic
     http://www.sonicbattle.ga

 [ Process/window/string information ]
   * Gets user name information.
   * Gets computer name.
   * Checks for debuggers.
   * Creates a mutex "DirectSound DllMain mutex (0x000007A8)".
   * Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
   * Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
   * Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
   * Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
   * Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
   * Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-484763869-630328440-725345543-500MUTEX.DefaultS-1-5-21-484763869-630328440-725345543-500".
   * Creates a mutex "Local\_!MSFTHISTORY!_".
   * Creates a mutex "Local\c:!documents and settings!administrator!local settings!temporary intenet files!content.ie5!".
   * Creates a mutex "Local\c:!documents and settings!administrator!cookies!".
   * Creates a mutex "Local\c:!documents and settings!administrator!local settings!history!history.ie5!".
   * Creates a mutex "RasPbFile".
   * Lists all entry names in a remote access phone book.
   * Opens a service named "RASMAN".
   * Opens a service named "Sens".
   * Creates a mutex "Local\ZonesCounterMutex".
   * Creates a mutex "Local\!IETld!Mutex".
   * Creates a mutex "Local\ZoneAttributeCacheCounterMutex".
   * Creates a mutex "Local\ZonesCacheCounterMutex".
   * Creates a mutex "Local\ZonesLockedCacheCounterMutex".
   * Creates a mutex "Local\c:!documents and settings!administrator!ietldcache!".
   * Creates a mutex "DDrawWindowListMutex".
   * Creates a mutex "__DDrawExclMode__".
   * Creates a mutex "__DDrawCheckExclMode__".
   * Enumerates running processes.
   * Creates process "null, C:\WINDOWS\system32\dwwin.exe -x -s 1252, C:\WINDOWS\system32".
   * Contains string Checked for AVG security software presence ("AVGW")