
Analysis Report

Overview

General Information

Joe Sandbox Version:20.0.0
Analysis ID:343043
Start time:19:22:38
Joe Sandbox Product:Cloud
Start date:18.08.2017
Overall analysis duration:0h 22m 27s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:y872ff2.exe
Cookbook file name:default.jbs
Analysis system description:Windows 7 (Office 2010 v14.0.4, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:15
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • HCA enabled
  • EGA enabled
  • VBA Instrumentation enabled
  • JavaScript Instrumentation enabled
Detection:MAL
Classification:mal72.rans.winEXE@7/157@0/5
HCA Information:
  • Successful, ratio: 54%
  • Number of executed functions: 198
  • Number of non-executed functions: 47
EGA Information:
  • Successful, ratio: 100%
Cookbook Comments:
  • Sleeps bigger than 20000ms are automatically reduced to 500ms
  • Found application associated with file extension: .exe
Warnings:
  • Max analysis timeout: 600s exceeded, the analysis took too long
  • Exclude process from analysis (whitelisted): mscorsvw.exe, svchost.exe, VSSVC.exe, WmiApSrv.exe, conhost.exe, WMIADAP.exe, dllhost.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.


Detection

Strategy | Score | Range | Reporting | Detection
Threshold | 72 | 0 - 100 | Report FP / FN | malicious


Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 5 | 0 - 5 | false |


Classification

Analysis Advice

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Signature Overview



AV Detection:

Antivirus detection for submitted file
Source: y872ff2.exe, virustotal: 53/62 detections Avast: Win32:Malware-gen, AVG: Win32:Malware-gen, Avira: TR/Kryptik.vhszc, AegisLab: Ml.Attribute.Gen!c, Paloalto: generic.ml, WhiteArmor: Malware.HighConfidence, Webroot: W32.Trojan.Gen, Qihoo-360: HEUR/QVM19.1.0CCA.Malware.Gen, BitDefender: Trojan.GenericKD.5795255, Emsisoft: Trojan.GenericKD.5795255 (B), MicroWorld-eScan: Trojan.GenericKD.5795255, McAfee-GW-Edition: BehavesLike.Win32.Upatre.jc, Fortinet: W32/Locky.KAD!tr, GData: Trojan.GenericKD.5795255, Sophos: Troj/Locky-XT, ESET-NOD32: a variant of Win32/Kryptik.FVLR, McAfee: RDN/Generic.grp, TrendMicro: Ransom_LOCKY.DLDTATI, SentinelOne: static engine - malicious, Cyren: W32/Trojan.COXI-7304, Symantec: Ransom.TeslaCrypt, CrowdStrike: malicious_confidence_100% (W), ALYac: Trojan.Ransom.LockyCrypt, NANO-Antivirus: Trojan.Win32.Locky.erxitp, Ad-Aware: Trojan.GenericKD.5795255, K7AntiVirus: Trojan ( 005142101 ), AhnLab-V3: Trojan/Win32.Locky.R206757, SUPERAntiSpyware: Ransom.Cerber/Variant, TrendMicro-HouseCall: Ransom_LOCKY.DLDTATI, Micros

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00415270 GetLastError,CryptAcquireContextA,0_2_00415270
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_004152E6 GetLastError,CryptAcquireContextA,0_2_004152E6
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040F8A0 CryptReleaseContext,0_2_0040F8A0
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040FB00 CryptDestroyKey,0_2_0040FB00
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040F9B0 CryptGenRandom,GetLastError,0_2_0040F9B0
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00415390 GetLastError,CryptImportKey,CryptDestroyKey,0_2_00415390
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00419379 CryptReleaseContext,0_2_00419379
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040FB13 CryptDestroyKey,0_2_0040FB13
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00416140 CryptDestroyKey,CryptReleaseContext,0_2_00416140
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040FB40 CryptDestroyKey,0_2_0040FB40
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040F91B CryptReleaseContext,0_2_0040F91B
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040F8E0 CryptReleaseContext,0_2_0040F8E0
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040FBE0 CryptEncrypt,GetLastError,0_2_0040FBE0

Spam, unwanted Advertisements and Ransom Demands:

Contains functionality to import cryptographic keys (often used in ransomware)
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00415390 GetLastError,CryptImportKey,CryptDestroyKey,0_2_00415390
Changes the wallpaper picture
Source: C:\Users\user\Desktop\y872ff2.exe, SystemParametersInfo: C:\Users\user\Desktop\diablo6.bmp
Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\Desktop\y872ff2.exe, File moved: C:\Users\user\Desktop\8886835349.doc
Source: C:\Users\user\Desktop\y872ff2.exe, File moved: C:\Users\user\Desktop\6422942404.doc
Source: C:\Users\user\Desktop\y872ff2.exe, File moved: C:\Users\user\Desktop\8182259827.doc
Source: C:\Users\user\Desktop\y872ff2.exe, File moved: C:\Users\user\Desktop\7245361316.doc
Ransomware detected (based on file extension or ransom instructions from fsrm.experiant.ca)
Writes a notice file (html or txt) to demand a ransom

Networking:

Downloads files
Source: C:\Program Files\Internet Explorer\iexplore.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNNUVO51\favicon[1].ico
Found strings which match to known social media urls
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/se equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searct equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;pk equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://uk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://uk.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://uk.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://uk.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://vn.search.yahoo.com/search?p={searchTerms}&amp;fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://vn.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://search.yahoo.co.jp/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: iexplore.exeString found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: iexplore.exeString found in binary or memory: <URL>http://br.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://de.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://es.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://espanol.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://in.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://it.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://ru.search.yahoo.com</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://sads.myspace.com/</URL> equals www.myspace.com (Myspace)
Source: iexplore.exeString found in binary or memory: <URL>http://search.cn.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://search.yahoo.co.jp</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://tw.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://uk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: iexplore.exeString found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: iexplore.exeString found in binary or memory: <SuggestionsURL>http://ie.search.yahoo.com/os?command={SearchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: .th.search.yahoo.com/os?market=th&amp;appid=ie8&amp;command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: .yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: /search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: 3http://sugg-ie.vn.search.yahoo.com/os?market=vn&appid=ie8&command={searchTerms}ght={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market=zh-cnENTSS&pc=MICB39V&U equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: </SearchProviderUpgradeList>.yahoo.com/search?ei=UTF-8&amp;fr=yie7c&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: Free Hotmail.url equals www.hotmail.com (Hotmail)
Source: iexplore.exeString found in binary or memory: L>http://sugg-ie.ph.search.yahoo.com/os?market equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ar.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://cf.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://cl.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://cl.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://cl.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://co.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://co.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://co.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://id.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://id.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://id.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ie.search.yahoo.com/os?appid=ie8&command={SearchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://kr.searchcenter.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://nz.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://nz.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://nz.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://pe.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://pe.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://pe.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://qc.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://qc.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://qc.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ru.search.yahoo.com equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.cn.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/favicon.ico equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=yie7 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=yie7c equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=yie8ms equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&amp;fr=yie8ms&amp;p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sg.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ar.search.yahoo.com/os?market=ar&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.au.search.yahoo.com/os?market=au&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ca.search.yahoo.com/os?market=ca&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.de.search.yahoo.com/os?market=de&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.e1.search.yahoo.com/os?market=e1&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.es.search.yahoo.com/os?market=es&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.fr.search.yahoo.com/os?market=fr&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.hk.search.yahoo.com/os?market=hk&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.id.search.yahoo.com/os?market=id&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.in.search.yahoo.com/os?market=in&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.mx.search.yahoo.com/os?market=mx&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.my.search.yahoo.com/os?market=my&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.nz.search.yahoo.com/os?market=nz&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.ph.search.yahoo.com/os?market=ph&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.qc.search.yahoo.com/os?market=qc&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.sg.search.yahoo.com/os?market=sg&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.th.search.yahoo.com/os?market=th&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.tw.search.yahoo.com/os?market=tw&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.uk.search.yahoo.com/os?market=uk&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://sugg-ie.vn.search.yahoo.com/os?market=vn&appid=ie8&command={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://th.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://th.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://tw.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms} equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://uk.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ve.search.yahoo.com/ equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ve.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://ve.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://vn.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: http://vn.search.yahoo.com/search?p={searchTerms}&type= equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: login.yahoo.com equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: search.yahoo equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: th.search.yahoo.com/search?p={searchTerms}&amp;type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: yahoo.com/search?p={searchTerms}&amp;fr=chr-ty equals www.yahoo.com (Yahoo)
Source: iexplore.exeString found in binary or memory: {0633EE93-D776-472f-A0FF-E1416B8B2E3A}ms}&src=IE-SearchBox&FORM=IENTTRsearch.yahoo equals www.yahoo.com (Yahoo)
Posts data to webserver
Source: unknown
HTTP traffic detected:
POST /checkupdate HTTP/1.1
Accept: */*
Accept-Language: en-us
Referer: http://83.217.8.61/
x-requested-with: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 83.217.8.61
Content-Length: 602
Connection: Keep-Alive
URLs found in memory or binary data
Source: iexplore.exeString found in binary or memory: http://arianna.libero.it/favicon.ico
Source: iexplore.exeString found in binary or memory: http://asp.usatoday.com/
Source: iexplore.exeString found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://au.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://auone.jp/favicon.ico
Source: iexplore.exeString found in binary or memory: http://auto.search.msn.com/response.asp?mt=
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://br.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://browse.guardian.co.uk/
Source: iexplore.exeString found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: iexplore.exeString found in binary or memory: http://busca.buscape.com.br/
Source: iexplore.exeString found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: iexplore.exeString found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: iexplore.exeString found in binary or memory: http://busca.igbusca.com.br/
Source: iexplore.exeString found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: iexplore.exeString found in binary or memory: http://busca.orange.es/
Source: iexplore.exeString found in binary or memory: http://busca.uol.com.br/
Source: iexplore.exeString found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: iexplore.exeString found in binary or memory: http://buscador.lycos.es/
Source: iexplore.exeString found in binary or memory: http://buscador.terra.com.br/
Source: iexplore.exeString found in binary or memory: http://buscador.terra.com/
Source: iexplore.exeString found in binary or memory: http://buscador.terra.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://buscador.terra.es/
Source: iexplore.exeString found in binary or memory: http://buscar.ozu.es/
Source: iexplore.exeString found in binary or memory: http://buscar.ya.com/
Source: iexplore.exeString found in binary or memory: http://busqueda.aol.com.mx/
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://ca.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://cdp1.public-trust.com/crl/omniroot2025.crl0
Source: iexplore.exeString found in binary or memory: http://cerca.lycos.it/
Source: iexplore.exeString found in binary or memory: http://cf.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: iexplore.exeString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: iexplore.exeString found in binary or memory: http://cl.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://cl.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: iexplore.exeString found in binary or memory: http://cn.bing.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://cn.bing.com/search?q=
Source: iexplore.exeString found in binary or memory: http://cnet.search.com/
Source: iexplore.exeString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: iexplore.exeString found in binary or memory: http://co.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://co.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://corp.naukri.com/
Source: iexplore.exeString found in binary or memory: http://corp.naukri.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://crl.comodo.net/utn-userfirst-hardware.crl0q
Source: iexplore.exeString found in binary or memory: http://crl.comodoca.com/utn-userfirst-hardware.crl06
Source: iexplore.exeString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: iexplore.exeString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: iexplore.exeString found in binary or memory: http://crl.microsoft
Source: iexplore.exeString found in binary or memory: http://crl.pkioverheid.nl/domorganisatielatestcrl-g2.crl0
Source: iexplore.exeString found in binary or memory: http://crl.pkioverheid.nl/domovlatestcrl.crl0
Source: iexplore.exeString found in binary or memory: http://crl.usertrust.com/utn-userfirst-object.crl0)
Source: iexplore.exeString found in binary or memory: http://crl3.digicert.com/omniroot2025.crl0=
Source: iexplore.exeString found in binary or memory: http://crt.comodoca.com/utnaddtrustserverca.crt0$
Source: iexplore.exeString found in binary or memory: http://cs.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://cs.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://cs.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: iexplore.exeString found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://de.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://de.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://de.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://de.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/wiki/advanced_encrypt:
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/wiki/advanced_encryption_standard
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/wiki/rsa_(crypto
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/wiki/rsa_(cryptosystem)
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/wiki/rsa_(cryptosystem)5
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/wiki/rsa_(cryptosystem)gk
Source: iexplore.exeString found in binary or memory: http://en.wikipedia.org/wiki/rsa_(cryptosystem)zk
Source: iexplore.exeString found in binary or memory: http://es.ask.com/
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://es.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://es.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://es.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://es.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://esearch.rakuten.co.jp/
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://espanol.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://espn.go.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://find.joins.com/
Source: iexplore.exeString found in binary or memory: http://fontfabrik.comq
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=utf-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://fr.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://fr.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://fr.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://fr.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://google.pchome.com.tw/
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=utf-8&amp;fr=yie7c&amp;p=
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=utf-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://hk.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://home.altervista.org/
Source: iexplore.exeString found in binary or memory: http://home.altervista.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://id.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://id.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://ie.search.yahoo.com/os?appid=ie8&command=
Source: iexplore.exeString found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: iexplore.exeString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: iexplore.exeString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: iexplore.exeString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: iexplore.exeString found in binary or memory: http://images.monster.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://img.atlas.cz/favicon.ico
Source: iexplore.exeString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: iexplore.exeString found in binary or memory: http://in.search
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=utf-8&amp;fr=yie7c&amp;p=
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=utf-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://in.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://in.searchsnie8&amp;pc=msnie8&amp;s
Source: iexplore.exeString found in binary or memory: http://it.search.dada.net/
Source: iexplore.exeString found in binary or memory: http://it.search.dada.net/favicon.ico
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=utf-8&amp;fr=yie7c&amp;p=
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=utf-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://it.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://it.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://it.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://it.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://ja.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://ja.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://ja.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://jobsearch.monster.com/
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/ei=utf-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?ei=utf-8&amp;fr=yie7c&amp;p=
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://kr.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://kr.searchcenter.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://list.taobao.com/
Source: iexplore.exeString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
Source: iexplore.exeString found in binary or memory: http://livesearch.msn.co.kr/
Source: iexplore.exeString found in binary or memory: http://livesearch.msn.co.kr/my
Source: iexplore.exeString found in binary or memory: http://livesearch.msn.co.kr/u
Source: iexplore.exeString found in binary or memory: http://mail.live.com/
Source: iexplore.exeString found in binary or memory: http://mail.live.com/?rru=compose%3fsubject%3d
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=utf-8&amp;fr=yie7c&amp;p=
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=utf-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://malaysia.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://msk.afisha.ru/
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=utf-8&amp;fr=yie7c&amp;p=
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=utf-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://mx.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://nl.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://nl.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://nl.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://nz.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://nz.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com0
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com0%
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com0-
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com0/
Source: iexplore.exeString found in binary or memory: http://ocsp.comodoca.com05
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.com0:
Source: iexplore.exeString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/omniroot2025.crls
Source: iexplore.exeString found in binary or memory: http://ocsp.entrust.net03
Source: iexplore.exeString found in binary or memory: http://ocsp.entrust.net0d
Source: iexplore.exeString found in binary or memory: http://ocsp.msocsp.com0
Source: iexplore.exeString found in binary or memory: http://ocsp.msocsp.com0=
Source: iexplore.exeString found in binary or memory: http://ocsp.omniroot.com/baltimoreroot0
Source: iexplore.exeString found in binary or memory: http://ocsp.omniroot.com/baltimoreroothttp://cdp1.public-trust.com/crl/omniroot2025.crl
Source: iexplore.exeString found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: iexplore.exeString found in binary or memory: http://p.zhongsou.com/
Source: iexplore.exeString found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://pe.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://pe.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=utf-8&amp;fr=yie7c&amp;p=
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=utf-8&amp;fr=yie8ms&amp;p=
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exeString found in binary or memory: http://ph.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://pl.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://pl.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://pl.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://price.ru/
Source: iexplore.exeString found in binary or memory: http://price.ru/favicon.ico
Source: iexplore.exeString found in binary or memory: http://pt.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://pt.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://pt.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://qc.search.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://qc.search.yahoo.com/search?p=
Source: iexplore.exeString found in binary or memory: http://recherche.linternaute.com/
Source: iexplore.exeString found in binary or memory: http://recherche.tf1.fr/
Source: iexplore.exeString found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: iexplore.exeString found in binary or memory: http://rover.ebay.com
Source: iexplore.exeString found in binary or memory: http://ru.search.yahoo.com
Source: iexplore.exeString found in binary or memory: http://ru.wikipedia.org/
Source: iexplore.exeString found in binary or memory: http://ru.wikipedia.org/favicon.ico
Source: iexplore.exeString found in binary or memory: http://ru.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search=
Source: iexplore.exeString found in binary or memory: http://sads.myspace.com/
Source: iexplore.exeString found in binary or memory: http://search-dyn.tiscali.it/
Source: iexplore.exeString found in binary or memory: http://search.about.com/
Source: iexplore.exeString found in binary or memory: http://search.alice.it/
Source: iexplore.exeString found in binary or memory: http://search.alice.it/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.aol.co.uk/
Source: iexplore.exeString found in binary or memory: http://search.aol.com/
Source: iexplore.exeString found in binary or memory: http://search.aol.in/
Source: iexplore.exeString found in binary or memory: http://search.atlas.cz/
Source: iexplore.exeString found in binary or memory: http://search.auction.co.kr/
Source: iexplore.exeString found in binary or memory: http://search.auone.jp/
Source: iexplore.exeString found in binary or memory: http://search.books.com.tw/
Source: iexplore.exeString found in binary or memory: http://search.books.com.tw/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.centrum.cz/
Source: iexplore.exeString found in binary or memory: http://search.centrum.cz/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.chol.com/
Source: iexplore.exeString found in binary or memory: http://search.chol.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.cn.yahoo.com/
Source: iexplore.exeString found in binary or memory: http://search.daum.net/
Source: iexplore.exeString found in binary or memory: http://search.daum.net/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.dreamwiz.com/
Source: iexplore.exeString found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.ebay.co.uk/
Source: iexplore.exeString found in binary or memory: http://search.ebay.com/
Source: iexplore.exeString found in binary or memory: http://search.ebay.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.ebay.de/
Source: iexplore.exeString found in binary or memory: http://search.ebay.es/
Source: iexplore.exeString found in binary or memory: http://search.ebay.fr/
Source: iexplore.exeString found in binary or memory: http://search.ebay.in/
Source: iexplore.exeString found in binary or memory: http://search.ebay.it/
Source: iexplore.exeString found in binary or memory: http://search.empas.com/
Source: iexplore.exeString found in binary or memory: http://search.empas.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.espn.go.com/
Source: iexplore.exeString found in binary or memory: http://search.gamer.com.tw/
Source: iexplore.exeString found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.gismeteo.ru/
Source: iexplore.exeString found in binary or memory: http://search.goo.ne.jp/
Source: iexplore.exeString found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.hanafos.com/
Source: iexplore.exeString found in binary or memory: http://search.hanafos.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.interpark.com/
Source: iexplore.exeString found in binary or memory: http://search.ipop.co.kr/
Source: iexplore.exeString found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?form=iefm1&amp;q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?form=iefm1&q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?form=so2tdf&amp;q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?form=so2tdf&q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?form=soltdf&amp;q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?form=soltdf&q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=as5er
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=as6hd
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=cbpwhd
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=ie7box&src=%7breferrer:source?%7dn
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=ie7re&src=%7breferrer:source?%7dw
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=ie8src&src=%7breferrer:source%7d
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=msnie7&src=%7breferrer:source?%7di
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&mkt=%7blanguage%7d&form=ie8src&src=%7breferr
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&src=%7breferrer:source?%7d
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&src=%7breferrer:source?%7d&form=ie8src
Source: iexplore.exeString found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&src=ie-searchbox&form=ie8srcu
Source: iexplore.exeString found in binary or memory: http://search.livedoor.com/
Source: iexplore.exeString found in binary or memory: http://search.livedoor.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.lycos.co.uk/
Source: iexplore.exeString found in binary or memory: http://search.lycos.com/
Source: iexplore.exeString found in binary or memory: http://search.lycos.com/favicon.ico
Source: iexplore.exeString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: iexplore.exeString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7bsearchterms%7d&form=as5hd
Source: iexplore.exeString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7bsearchterms%7d&form=as6hd
Source: iexplore.exeString found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7bsearchterms%7d&form=cbpw
Source: iexplore.exeString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Social media urls found in memory data
Source: iexplore.exe, String found in binary or memory: http://www.facebook.com/
Source: iexplore.exe, String found in binary or memory: http://www.facebook.com/favicon.ico
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2023577 ET TROJAN Locky CnC Checkin HTTP Pattern 192.168.1.16:49191 -> 83.217.8.61:80
Source: Traffic, Snort IDS: 2023576 ET TROJAN Locky CnC Checkin Dec 5 M1 192.168.1.16:49191 -> 83.217.8.61:80
Source: Traffic, Snort IDS: 2023577 ET TROJAN Locky CnC Checkin HTTP Pattern 192.168.1.16:49192 -> 31.202.130.9:80
Source: Traffic, Snort IDS: 2023576 ET TROJAN Locky CnC Checkin Dec 5 M1 192.168.1.16:49192 -> 31.202.130.9:80
Source: Traffic, Snort IDS: 2023577 ET TROJAN Locky CnC Checkin HTTP Pattern 192.168.1.16:49193 -> 91.234.35.106:80
Source: Traffic, Snort IDS: 2023576 ET TROJAN Locky CnC Checkin Dec 5 M1 192.168.1.16:49193 -> 91.234.35.106:80
Source: Traffic, Snort IDS: 2023577 ET TROJAN Locky CnC Checkin HTTP Pattern 192.168.1.16:49194 -> 83.217.8.61:80
Source: Traffic, Snort IDS: 2023576 ET TROJAN Locky CnC Checkin Dec 5 M1 192.168.1.16:49194 -> 83.217.8.61:80
Source: Traffic, Snort IDS: 2023577 ET TROJAN Locky CnC Checkin HTTP Pattern 192.168.1.16:49195 -> 31.202.130.9:80
Source: Traffic, Snort IDS: 2023576 ET TROJAN Locky CnC Checkin Dec 5 M1 192.168.1.16:49195 -> 31.202.130.9:80
Source: Traffic, Snort IDS: 2023577 ET TROJAN Locky CnC Checkin HTTP Pattern 192.168.1.16:49196 -> 91.234.35.106:80
Source: Traffic, Snort IDS: 2023576 ET TROJAN Locky CnC Checkin Dec 5 M1 192.168.1.16:49196 -> 91.234.35.106:80
Source: Traffic, Snort IDS: 2023577 ET TROJAN Locky CnC Checkin HTTP Pattern 192.168.1.16:49197 -> 83.217.8.61:80
Source: Traffic, Snort IDS: 2023576 ET TROJAN Locky CnC Checkin Dec 5 M1 192.168.1.16:49197 -> 83.217.8.61:80

Stealing of Sensitive Information:

Searches for user specific document files
Source: C:\Users\user\Desktop\y872ff2.exe, Key value created or modified: C:\Users\Default\Documents
Source: C:\Users\user\Desktop\y872ff2.exe, Key value created or modified: C:\Users\Default\Documents
Source: C:\Users\user\Desktop\y872ff2.exe, Key value created or modified: C:\Users\user\Documents
Source: C:\Users\user\Desktop\y872ff2.exe, Key value created or modified: C:\Users\user\Documents
Source: C:\Users\user\Desktop\y872ff2.exe, Key value created or modified: C:\Users\Public\Documents
Source: C:\Users\user\Desktop\y872ff2.exe, Key value created or modified: C:\Users\Public\Documents

Data Obfuscation:

Binary may include packed or encrypted code
Source: initial sample, Static PE information: section name: .rdata entropy: 7.90630231924
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_004079B0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004079B0
PE file contains sections with non-standard names
Source: y872ff2.exe, Static PE information: section name: .dec
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_004029AB push ecx; ret 0_2_004029BB
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00404705 push ecx; ret 0_2_00404718
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00401408 push eax; ret 0_2_00401426
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_1_00405CA2 push eax; mov dword ptr [esp], ebp 0_1_00405CA3

Spreading:

Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0042D950 FindFirstFileW,FindClose,0_2_0042D950

System Summary:

barindex
Reads internet explorer settingsShow sources
Source: C:\Program Files\Internet Explorer\iexplore.exeKey opened: HKEY_USERS\Software\Microsoft\Internet Explorer\Settings
Found graphical window changes (likely an installer)Show sources
Source: Window RecorderWindow detected: More than 3 window changes detected
PE file contains a debug data directory
Source: y872ff2.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Binary contains paths to debug symbols
Source: Binary string: gefas.pdb source: y872ff2.exe
Classification label
Source: classification engine, Classification label: mal72.rans.winEXE@7/157@0/5
Contains functionality to instantiate COM classes
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0040C879 CoCreateInstance,0_2_0040C879
Creates files inside the program directory
Source: C:\Users\user\Desktop\y872ff2.exe, File created: c:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\DX1KWDRT-SWHS-3N44-6B211009-EE74B58D24B4.diablo6
Creates files inside the user directory
Source: C:\Users\user\Desktop\y872ff2.exe, File created: c:\Users\user\Desktop\diablo6-19ec.htm
Creates temporary files
Source: C:\Users\user\Desktop\y872ff2.exe, File created: C:\Users\LUKETA~1\AppData\Local\Temp\sys3FA5.tmp
Reads ini files
Source: C:\Users\user\Desktop\y872ff2.exe, File read: C:\Users\user\Desktop\desktop.ini
Reads software policies
Source: C:\Users\user\Desktop\y872ff2.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Sample is known by Antivirus (Virustotal or Metascan)
Source: y872ff2.exe, Virustotal: hash found
Spawns processes
Source: unknown, Process created: C:\Users\user\Desktop\y872ff2.exe 'C:\Users\user\Desktop\y872ff2.exe'
Source: unknown, Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\diablo6.htm
Source: unknown, Process created: C:\Windows\System32\cmd.exe cmd.exe /C del /Q /F 'C:\Users\LUKETA~1\AppData\Local\Temp\sys3FA5.tmp'
Source: unknown, Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:1836 CREDAT:275457 /prefetch:2
Source: C:\Users\user\Desktop\y872ff2.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\diablo6.htm
Source: C:\Users\user\Desktop\y872ff2.exe, Process created: C:\Windows\System32\cmd.exe cmd.exe /C del /Q /F 'C:\Users\LUKETA~1\AppData\Local\Temp\sys3FA5.tmp'
Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:1836 CREDAT:275457 /prefetch:2
Uses an in-process (OLE) Automation server
Source: C:\Users\user\Desktop\y872ff2.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{573bdf38-df23-427f-acb8-a67abd702698}\InprocServer32
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: String function: 00407982 appears 1074 times
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: String function: 00476210 appears 34 times
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: String function: 0040B955 appears 170 times
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: String function: 004182F0 appears 42 times
Reads the hosts file
Source: C:\Users\user\Desktop\y872ff2.exe, File read: C:\Windows\System32\drivers\etc\hosts
Sample file is different than original file name gathered from version info
Source: y872ff2.exe, Binary or memory string: OriginalFilenameSETUPAPI.DLL.MUIj% vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: OriginalFilenameodbcint.dll.muij% vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: OriginalFilenamePhotoVieP vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: OriginalFilenamempr.dll.muij% vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: OriginalFilenamevsstrace.dll.muij% vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: OriginalFilenamewship6.dll.muij% vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: OriginalFilenamewshtcpip.dll.muij% vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: originalfilename vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: OriginalFilenameKernelbasej% vs y872ff2.exe
Source: y872ff2.exe, Binary or memory string: System.OriginalFileName vs y872ff2.exe
Tries to load missing DLLs
Source: C:\Users\user\Desktop\y872ff2.exe, Section loaded: gfcms.dll

HIPS / PFW / Operating System Protection Evasion:

Contains functionality to add an ACL to a security descriptor
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0041968E SetSecurityDescriptorDacl,0_2_0041968E
Contains functionality to create a new security descriptor
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00419762 AllocateAndInitializeSid,0_2_00419762
May try to detect the Windows Explorer process (often used for injection)
Source: iexplore.exe, Binary or memory string: Progman
Source: iexplore.exe, Binary or memory string: Program Manager
Source: iexplore.exe, Binary or memory string: Shell_TrayWnd

Anti Debugging:

Contains functionality to register its own exception handler
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00405F08 SetUnhandledExceptionFilter,0_2_00405F08
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00403A6C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00403A6C
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00405393 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00405393
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Source: C:\Users\user\Desktop\y872ff2.exe, System information queried: KernelDebuggerInformation
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00403A6C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00403A6C
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_004079B0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004079B0

Malware Analysis System Evasion:

Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_0042D950 FindFirstFileW,FindClose,0_2_0042D950
Program exit points
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30023
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30208
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30024
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30221
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30229
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30236
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30220
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30218
Source: C:\Users\user\Desktop\y872ff2.exe, API call chain: ExitProcess graph end node graph_0-30219
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\y872ff2.exe, Thread delayed: delay time: 36000
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\y872ff2.exe TID: 3540, Thread sleep time: -36000s >= -60s
Source: C:\Users\user\Desktop\y872ff2.exe TID: 2228, Thread sleep time: -240000s >= -60s

Hooking and other Techniques for Hiding and Protection:

Disables application error messages (SetErrorMode)
Source: C:\Users\user\Desktop\y872ff2.exe, Process information set: NOGPFAULTERRORBOX and NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\y872ff2.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe, Process information set: NOGPFAULTERRORBOX and NOOPENFILEERRORBOX

Language, Device and Operating System Detection:

Contains functionality to query local / system time
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00413B0B GetSystemTimeAsFileTime,0_2_00413B0B
Contains functionality to query windows version
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: 0_2_00421A68 GetVersionExA,0_2_00421A68
Queries the cryptographic machine GUID
Source: C:\Users\user\Desktop\y872ff2.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Contains functionality locales information (e.g. system language)
Source: C:\Users\user\Desktop\y872ff2.exe, Code function: GetUserDefaultUILanguage,GetLocaleInfoA,0_2_0042EB20

Behavior Graph

Behavior Graph ID: 343043
Sample: y872ff2.exe
Start date: 18/08/2017
Architecture: WINDOWS
Score: 72

Process tree:
  • y872ff2.exe (started)
  • iexplore.exe (started by y872ff2.exe)
  • cmd.exe (started by y872ff2.exe)
  • iexplore.exe (started by the first iexplore.exe)

Signatures raised on y872ff2.exe:
  • Changes the wallpaper picture
  • Modifies existing user documents (likely ransomware behavior)
  • Ransomware detected (based on file extension or ransom instructions from fsrm.experiant.ca)

DNS/IP info for y872ff2.exe:
  • 83.217.8.61, 80, StekKazanLLC, Russian Federation
  • 31.202.130.9, 80, MAXNETTELECOMLTD, Ukraine
  • 91.234.35.106, 80, FOPSedinkinOlexandrValeriyovuch, Ukraine

Antivirus Detection

Initial Sample

| Source | Ratio | Cloud | Link |
|---|---|---|---|
| y872ff2.exe | 53/62 | virustotal | Browse |

Dropped Files

SourceRatioCloudLink
21253908F3CB05D51B1C2DA8B681A78500/58virustotalBrowse
37C951188967C8EB88D99893D9D191FE00/58virustotalBrowse

Domains

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| StekKazanLLC | BN8B1.exe | 8bf110d38b3084d065f975da641fd0ae2ae672f607e6c30cf5544699770dc905 | malicious | Browse | 83.217.11.130 |

Dropped Files

No context

Screenshot