- Report generated with Buster Sandbox Analyzer 1.88 at 20:34:05 on 11/12/2017
- [ General information ]
- * File name: C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\SonicSAGE.exe
- * Process crashed
- [ Changes to filesystem ]
- * Modifies file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- * Modifies file C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\savedata
- [ Changes to registry ]
- * Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
- old value empty
- * Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
- * Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
- * Modifies value "SavedLegacySettings=460000007D00000001000000000000000000000000000000040000000000000020C1A094F561D10101000000C0A8E881000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- old value "SavedLegacySettings=460000007B00000001000000000000000000000000000000040000000000000020C1A094F561D10101000000C0A8E881000000000000000000000000"
- * Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
- [ Network services ]
- * Looks for an Internet connection.
- * Queries DNS "od.lk".
- * Queries DNS "www.sonicbattle.ga".
- * Queries DNS "play.google.com".
- * Queries DNS "play.l.google.com".
- * C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\SonicSAGE.exe Connects to "38.108.185.79" on port 443 (TCP - HTTPS).
- * C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\SonicSAGE.exe Connects to "192.168.239.133" on port 4836 (TCP - HTTPS).
- * C:\Documents and Settings\Administrator\My Documents\Downloads\Sonic\SonicSAGE.exe Connects to "192.168.239.133" on port 4839 (TCP - HTTPS).
- * Downloads file from "whatsmyip.net/".
- * Downloads file from "www.sonicbattle.ga/".
- * Opens next URLs:
- https://od.lk/s/125410148_
- http://www.sonicbattle.ga
- [ Process/window/string information ]
- * Gets user name information.
- * Gets computer name.
- * Checks for debuggers.
- * Creates a mutex "DirectSound DllMain mutex (0x00000454)".
- * Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
- * Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
- * Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
- * Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
- * Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-484763869-630328440-725345543-500".
- * Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-484763869-630328440-725345543-500MUTEX.DefaultS-1-5-21-484763869-630328440-725345543-500".
- * Creates a mutex "Local\_!MSFTHISTORY!_".
- * Creates a mutex "Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!".
- * Creates a mutex "Local\c:!documents and settings!administrator!cookies!".
- * Creates a mutex "Local\c:!documents and settings!administrator!local settings!history!history.ie5!".
- * Creates a mutex "RasPbFile".
- * Lists all entry names in a remote access phone book.
- * Opens a service named "RASMAN".
- * Opens a service named "Sens".
- * Creates a mutex "Local\ZonesCounterMutex".
- * Creates a mutex "Local\!IETld!Mutex".
- * Creates a mutex "Local\ZoneAttributeCacheCounterMutex".
- * Creates a mutex "Local\ZonesCacheCounterMutex".
- * Creates a mutex "Local\ZonesLockedCacheCounterMutex".
- * Creates a mutex "Local\c:!documents and settings!administrator!ietldcache!".
- * Creates a mutex "DDrawWindowListMutex".
- * Creates a mutex "__DDrawExclMode__".
- * Creates a mutex "__DDrawCheckExclMode__".
- * Enumerates running processes.
- * Creates process "null, C:\WINDOWS\system32\dwwin.exe -x -s 1256, C:\WINDOWS\system32".
- * Contains string Checked for AVG security software presence ("AVGW")
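As an added example (not part of the paste, and not code from Buster Sandbox Analyzer), the following Python pulls the network, registry and mutex indicators out of a report written in the format above and separates RFC 1918 endpoints, which in a sandbox run are normally the analysis host's own network, from external ones. The sample report is a constructed excerpt of the lines above, kept in the "- " prefixed form the paste renders; the regexes target only the sentence shapes BSA uses there.

```python
import ipaddress
import re

# Constructed sample: a shortened copy of the report lines above, in the
# "- " prefixed form in which the paste renders them. Not a live capture.
SAMPLE_REPORT = r"""
- [ Changes to registry ]
- * Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
- old value empty
- * Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
- * Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
- [ Network services ]
- * Queries DNS "od.lk".
- * Queries DNS "www.sonicbattle.ga".
- * C:\Downloads\Sonic\SonicSAGE.exe Connects to "38.108.185.79" on port 443 (TCP - HTTPS).
- * C:\Downloads\Sonic\SonicSAGE.exe Connects to "192.168.239.133" on port 4836 (TCP - HTTPS).
- * Downloads file from "whatsmyip.net/".
- [ Process/window/string information ]
- * Creates a mutex "RasPbFile".
- * Checks for debuggers.
"""

# One regex per BSA sentence shape we care about; anything else is ignored.
RE_DNS = re.compile(r'Queries DNS "([^"]+)"')
RE_CONNECT = re.compile(r'Connects to "([^"]+)" on port (\d+)')
RE_DOWNLOAD = re.compile(r'Downloads file from "([^"]+)"')
RE_MUTEX = re.compile(r'Creates a mutex "([^"]+)"')
RE_REG_VALUE = re.compile(r'(Creates|Modifies) value "([^"=]+)=([^"]*)" in key (.+)$')
RE_REG_KEY = re.compile(r'Creates Registry key (.+)$')


def parse_report(text):
    """Return the indicators found in a BSA report as plain Python sets/lists."""
    iocs = {"dns": set(), "connections": set(), "urls": set(),
            "mutexes": set(), "registry": []}
    for raw in text.splitlines():
        line = re.sub(r"^\s*-\s*", "", raw.rstrip())  # drop the pasted "- " prefix
        if not line.startswith("*"):
            continue  # section headers and "old value ..." continuation lines
        line = line[1:].strip()
        m = RE_DNS.search(line)
        if m:
            iocs["dns"].add(m.group(1))
            continue
        m = RE_CONNECT.search(line)
        if m:
            iocs["connections"].add((m.group(1), int(m.group(2))))
            continue
        m = RE_DOWNLOAD.search(line)
        if m:
            iocs["urls"].add(m.group(1))
            continue
        m = RE_MUTEX.search(line)
        if m:
            iocs["mutexes"].add(m.group(1))
            continue
        m = RE_REG_VALUE.search(line)
        if m:
            iocs["registry"].append({"action": m.group(1), "name": m.group(2),
                                     "data": m.group(3), "key": m.group(4)})
            continue
        m = RE_REG_KEY.search(line)
        if m:
            iocs["registry"].append({"action": "Creates", "name": None,
                                     "data": None, "key": m.group(1)})
    return iocs


def split_endpoints(connections):
    """Split (ip, port) pairs into external targets and private-range ones.

    Private-range peers in a sandbox report are usually the analysis
    environment itself (host, proxy, fake DNS), not attacker infrastructure.
    """
    external, private = set(), set()
    for ip, port in connections:
        bucket = private if ipaddress.ip_address(ip).is_private else external
        bucket.add((ip, port))
    return external, private


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    ext, priv = split_endpoints(found["connections"])
    print("DNS:", sorted(found["dns"]))
    print("External endpoints:", sorted(ext))
    print("Private (sandbox) endpoints:", sorted(priv))
    print("URLs:", sorted(found["urls"]))
    for entry in found["registry"]:
        print("Registry:", entry)
```

The external set, the DNS names and the downloaded URLs are the indicators worth carrying into a watchlist; the private-range peers and the OS-owned mutexes (the CTF.*, DDraw and IE cache mutexes in the full report) belong to the sandbox and to the libraries the binary loads, not to the sample.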