ZeroShiftier

Untitled

Dec 11th, 2017

Report generated with Buster Sandbox Analyzer 1.88 at 20:34:05 on 11/12/2017

[ General information ]
* File name: C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\SonicSAGE.exe
* Process crashed

[ Changes to filesystem ]
* Modifies file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
* Modifies file C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\savedata

[ Changes to registry ]
* Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
old value empty
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "SavedLegacySettings=460000007D00000001000000000000000000000000000000040000000000000020C1A094F561D10101000000C0A8E881000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
old value "SavedLegacySettings=460000007B00000001000000000000000000000000000000040000000000000020C1A094F561D10101000000C0A8E881000000000000000000000000"
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec

[ Network services ]
* Looks for an Internet connection.
* Queries DNS "od.lk".
* Queries DNS "www.sonicbattle.ga".
* Queries DNS "play.google.com".
* Queries DNS "play.l.google.com".
* C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\SonicSAGE.exe Connects to "38.108.185.79" on port 443 (TCP - HTTPS).
* C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\SonicSAGE.exe Connects to "192.168.239.133" on port 4836 (TCP - HTTPS).
* C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\SonicSAGE.exe Connects to "192.168.239.133" on port 4839 (TCP - HTTPS).
* Downloads file from "whatsmyip.net/".
* Downloads file from "www.sonicbattle.ga/".
* Opens next URLs:
https://od.lk/s/125410148_
http://www.sonicbattle.ga

[ Process/window/string information ]
* Gets user name information.
* Gets computer name.
* Checks for debuggers.
* Creates a mutex "DirectSound DllMain mutex (0x00000454)".
* Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-484763869-630328440-725345543-500MUTEX.DefaultS-1-5-21-484763869-630328440-725345543-500".
* Creates a mutex "Local\_!MSFTHISTORY!_".
* Creates a mutex "Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!".
* Creates a mutex "Local\c:!documents and settings!administrator!cookies!".
* Creates a mutex "Local\c:!documents and settings!administrator!local settings!history!history.ie5!".
* Creates a mutex "RasPbFile".
* Lists all entry names in a remote access phone book.
* Opens a service named "RASMAN".
* Opens a service named "Sens".
* Creates a mutex "Local\ZonesCounterMutex".
* Creates a mutex "Local\!IETld!Mutex".
* Creates a mutex "Local\ZoneAttributeCacheCounterMutex".
* Creates a mutex "Local\ZonesCacheCounterMutex".
* Creates a mutex "Local\ZonesLockedCacheCounterMutex".
* Creates a mutex "Local\c:!documents and settings!administrator!ietldcache!".
* Creates a mutex "DDrawWindowListMutex".
* Creates a mutex "__DDrawExclMode__".
* Creates a mutex "__DDrawCheckExclMode__".
* Enumerates running processes.
* Creates process "null, C:\WINDOWS\system32\dwwin.exe -x -s 1256, C:\WINDOWS\system32".
* Contains string Checked for AVG security software presence ("AVGW")