Analysis Report voVnFsOaJK.exe

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 188699
Start date: 08.11.2019
Start time: 23:53:54
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 14m 35s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: voVnFsOaJK.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.rans.evad.winEXE@3/389@2/1
EGA Information: Failed
HDC Information: Failed
HCA Information: Failed
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .exe
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe, TiWorker.exe, wermgr.exe, MusNotifyIcon.exe, conhost.exe, CompatTelRunner.exe, svchost.exe, TrustedInstaller.exe
  • Report size exceeded maximum capacity and may have missing network information.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteFile calls found.

Detection

Strategy: Threshold
Score: 80
Range: 0 - 100
Reporting Whitelisted: false
Detection: malicious

Confidence

Strategy: Threshold
Score: 5
Range: 0 - 5
Further Analysis Required?: false


Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Mitre Att&ck Matrix

Initial Access: Valid Accounts; Replication Through Removable Media; Drive-by Compromise
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation
Persistence: Hooking 1; Port Monitors; Accessibility Features
Privilege Escalation: Hooking 1; Process Injection 1; Path Interception
Defense Evasion: Process Injection 1; DLL Side-Loading 1; Rootkit
Credential Access: Hooking 1; Input Capture 1; Input Capture
Discovery: Process Discovery 2; Security Software Discovery 211; Remote System Discovery 1
Lateral Movement: Remote File Copy 1; Remote Services; Windows Remote Management
Collection: Input Capture 1; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration
Command and Control: Standard Non-Application Layer Protocol 2; Standard Application Layer Protocol 2; Remote File Copy 1

Signature Overview


AV Detection:

Antivirus detection for URL or domain
Source: http://update.l2vn.com/l2zaken/L2vnH5/EnchantedWeaponFlowEffectData.dat.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/aegisty.bin.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/AdditionalNpcGrpParts.dat.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/BeastTimeEnv5.int.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/BeastTimeEnv1.int.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/AnimationCombo.dat.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/debug.log.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/AlterSkillData.dat.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/ColorExName-eu.dat.lz, Avira URL Cloud: Label: malware
Source: http://update.l2vn.com/l2zaken/L2vnH5/DecoNPCData_client.dat.lz, Avira URL Cloud: Label: malware
Multi AV Scanner detection for dropped file
Source: C:\Users\user\Desktop\L2vnH5.exe, Virustotal: Detection: 30%
Source: C:\Users\user\Desktop\L2vnH5.exe.tmp, Virustotal: Detection: 30%
Multi AV Scanner detection for submitted file
Source: voVnFsOaJK.exe, Virustotal: Detection: 30%

Networking:

Downloads files from webservers via HTTP
Found strings which match to known social media urls
Performs DNS lookups
Source: unknown, DNS traffic detected: queries for: update.l2vn.com
Urls found in memory or binary data
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://bgoffice.sourceforge.net/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://br-sayt.ff.search.yahoo.com/gossip-br-sayt?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://br.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://br.search.yahoo.com/favicon.icohttp://br.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/favicon.icohttp://busca.uol.com.br/www/index.html?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://buscador.terra.es/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://buscador.terra.es/favicon.icohttp://buscador.terra.es/Default.aspx?query=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://buscar.hispavista.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://buscar.terra.com.ar/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://buscar.terra.com.ar/favicon.icohttp://buscar.terra.com.ar/Default.aspx?query=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://ca.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://ca.search.yahoo.com/favicon.icohttp://ca.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://caminobrowser.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://casper.beckman.uiuc.edu/~c-tsai4
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://cgit.freedesktop.org/~aplattner/nvidia-settings/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://ch.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://ch.search.yahoo.com/favicon.icohttp://ch.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://chasen.aist-nara.ac.jp/chasen/distribution.html
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://checkstyle.sourceforge.net/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://cl.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://cl.search.yahoo.com/favicon.icohttp://cl.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://clients1.google.com/translate_a/t
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://clients1.google.com/translate_a/thttps://clients1.google.com/translate_a/tvlangpairqclientfor
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://co.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://co.search.yahoo.com/favicon.icohttp://co.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/angleproject/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/chromium/issues/detail?id=4609
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/chromium/issues/detail?id=4609Error
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/data-race-test/wiki/DynamicAnnotations
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/google-axs-chrome/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/google-breakpad/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/google-cache-invalidation-api/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/google-glog/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/google-jstemplate/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/google-safe-browsing/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/google-toolbox-for-mac/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/lao-dictionary/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/libyuv/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/mozc
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/nativeclient
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/open-vcdiff
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/ots/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/pdfium/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/pyftpdlib/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/re2/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/sfntly/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/skia
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/smhasher/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/snappy/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/stringencoders/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/v8
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://code.google.com/p/webrtc/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://comcast.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://crbug.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://crbug.com/9442
Source: L2vnH5.exe.tmp, 00000006.00000003.3052739820.000000000544F000.00000004.00000001.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: L2vnH5.exe.tmp, 00000006.00000003.2055932249.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://crl.trust-provider.com/USERTrustRSACertificationAuthority.crl0
Source: L2vnH5.exe.tmp, 00000006.00000003.2055932249.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://crl.trust-provider.com/USERTrustRSACodeSigningCA.crl0
Source: L2vnH5.exe.tmp, 00000006.00000003.2055932249.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://crt.trust-provider.com/USERTrustRSAAddTrustCA.crt0
Source: L2vnH5.exe.tmp, 00000006.00000003.2055932249.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://crt.trust-provider.com/USERTrustRSACodeSigningCA.crt0
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/favicon.icohttp://de.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://dev.chromium.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://dev.chromium.org/developers/design-documents/view-net-internals
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://devel.freebsoft.org/speechd
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://developer.apple.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://developer.mozilla.org/en-US/docs/Accessibility/AT-APIs
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://developers.google.com/speed/webp
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://dk.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://dk.search.yahoo.com/favicon.icohttp://dk.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://downloads.xiph.org/releases/speex/speex-1.2rc1.tar.gz
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://drupal.org/project/flot
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://eniro.fi/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://eniro.se/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://es-sayt.ff.search.yahoo.com/gossip-es-sayt?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://es.ask.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://es.ask.com/favicon.icohttp://es.ask.com/web?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/favicon.icohttp://es.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://etherx.jabber.org/streams
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://etherx.jabber.org/streamsurn:ietf:params:xml:ns:xmpp-streamsurn:ietf:params:xml:ns:xmpp-tlsur
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://exslt.org/common
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://ffmpeg.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://fi.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://fi.search.yahoo.com/favicon.icohttp://fi.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://fr-sayt.ff.search.yahoo.com/gossip-fr-sayt?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/favicon.icohttp://fr.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://freedesktop.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://freedesktop.org/wiki/Software/vaapi
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://git.videolan.org/?p=x264.git;a=blob;f=common/x86/x86inc.asm
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://git.xiph.org/?p=opus.git
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://github.com/google/closure-compiler
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://googleappengine.googlecode.com/svn/trunk/python/LICENSE):
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://googleappengine.googlecode.com/svn/trunk/python/lib/fancy_urllib
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://googleappengine.googlecode.com/svn/trunk/python/lib/fancy_urllib/fancy_urllib/__init__.py
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://gossip.ca.yahoo.com/gossip-ca-sayt?output=fxjsonp&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://gossip.mx.yahoo.com/gossip-mx-sayt?output=fxjsonp&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://gossip.telemundo.yahoo.com/gossip-e1-sayt?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://gperftools.googlecode.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://guruji.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://harfbuzz.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://hg.mozilla.org/mozilla-central/tools/codesighs
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://hk.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://hk.search.yahoo.com/favicon.icohttp://hk.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://home.earthlink.net/~anneart/family/Threads/source.html
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://hunspell.sourceforge.net/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://i.dir.bg/diri/images/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://icl.com/saxon
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://icl.com/saxonFound
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://id-sayt.ff.search.yahoo.com/gossip-id-sayt?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://id.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://id.search.yahoo.com/favicon.icohttp://id.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.icohttp://search.atlas.cz/?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://img.centrum.cz/6/vy2/o/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://img.centrum.sk/4/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://img.go.mail.ru/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://img.mynet.com/mynetfavori.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://img.mynet.com/mynetfavori.icohttp://arama.mynet.com/search.aspx?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://imgs.sapo.pt/images/sapo.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://imgs.sapo.pt/images/sapo.icohttp://pesquisa.sapo.pt/?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://in-sayt.ff.search.yahoo.com/gossip-in-sayt?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/favicon.icohttp://in.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.1932967069.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://ipxe.org
Source: L2vnH5.exe.tmp, 00000006.00000003.1932967069.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://ipxe.org)
Source: L2vnH5.exe.tmp, 00000006.00000003.1932967069.00000000006DF000.00000004.00000001.sdmpString found in binary or memory: http://ipxe.orgiPXE
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://it-sayt.ff.search.yahoo.com/gossip-it-sayt?output=fxjson&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://it.ask.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://it.ask.com/favicon.icohttp://it.ask.com/web?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/favicon.icohttp://it.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://jabber.org/protocol/caps
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://jabber.org/protocol/chatstates
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://jabber.org/protocol/disco#info
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://jabber.org/protocol/disco#items
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://jabber.org/protocol/nick
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://jsoncpp.svn.sourceforge.net/svnroot/jsoncpp/trunk/jsoncpp
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://kr.atc.search.yahoo.com/atcx.php?property=main&ot=fxjson&ei=utf8&eo=utf8&command=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/favicon.icohttp://kr.search.yahoo.com/search?ei=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICEN
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://latne.lv/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://leit.is/leit.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://libcxx.llvm.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://libcxxabi.llvm.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://libexif.sourceforge.net/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://libphonenumber.googlecode.com/svn/trunk/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://libpng.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://libusb.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://linkhelp.clients.google.com/tbproxy/lh/fixurl
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://linkhelp.clients.google.com/tbproxy/lh/fixurlhl.
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://lists.w3.org/Archives/Public/public-svg-wg/2008JulSep/0347.html
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://llvm.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/support/chrome/bin/answer.py?answer=150752
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/support/chrome/bin/answer.py?answer=95464
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/support/talk/bin/request.py
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/talk/protocol/auth
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/talk/protocol/authP
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/tools/firefox/toolbar/FT2/intl/%s/submit_success.html
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/tools/firefox/toolbar/FT2/intl/%s/submit_success.html?tpl=%s&continue=%s&url=%
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/update2/response
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/update2/response2.0hashInvalid
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.gtk.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.ijg.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.ijg.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.in.gr/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.jabse.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.jclark.com/xt
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.jclark.com/xthttp://xmlsoft.org/XSLT/namespacexsltNewExtDef
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.khronos.org/registry
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.khronos.org/registry/typedarray/specs/latest/#7
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.kvasir.no/img/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.linuxfoundation.org/collaborate/workgroups/accessibility/iaccessible2
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.icohttp://www.maktoob.com/searchResult.php?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.masrawy.com/new/images/masrawy.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.masrawy.com/new/images/masrawy.icohttp://masrawy.com/new/search.aspx?sr=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.mesa3d.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.monkey.org/~provos/libevent/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.mozilla.org/MPL/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.mozilla.org/NPL/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.mozilla.org/projects/nspr/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.mozilla.org/projects/security/pki/nss/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.najdi.si/master/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.najdi.si/master/favicon.icohttp://www.najdi.si/search.jsp?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.neti.ee/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.netlib.org/fp/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.nur.kz/favicon_kz.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.nur.kz/favicon_kz.icohttp://search.nur.kz/?encoding=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.opensource.apple.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.opensource.apple.com/apsl/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.openssl.org/)
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.ozu.es/favicon.icohttp://buscar.ozu.es/index.php?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.pogodak.ba/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.pogodak.ba/favicon.icohttp://www.pogodak.ba/search.jsp?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.pogodak.hr/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.pogodak.hr/favicon.icohttp://www.pogodak.hr/search.jsp?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.pogodak.rs/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.pogodak.rs/favicon.icohttp://www.pogodak.rs/search.jsp?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.pogodok.com.mk/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.pogodok.com.mk/favicon.icohttp://www.pogodok.com.mk/search.jsp?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.polymer-project.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.rambler.ru/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.rambler.ru/favicon.icohttp://www.rambler.ru/srch?words=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.seanpatrickobrien.com/journal/posts/3
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.search.ch/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.search.ch/favicon.icohttp://www.search.ch/index.de.html?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.search.ch/index.fr.html?q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.strongtalk.org/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.suitable.com
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html&gt;
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.swig.org/download.html
Source: L2vnH5.exe.tmp, 00000006.00000003.3052739820.000000000544F000.00000004.00000001.sdmpString found in binary or memory: http://www.symauth.com/cps0(
Source: L2vnH5.exe.tmp, 00000006.00000003.3052739820.000000000544F000.00000004.00000001.sdmpString found in binary or memory: http://www.symauth.com/rpa00
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.torchmobile.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.tortall.net/projects/yasm/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.tut.by/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.tut.by/favicon.icohttp://search.tut.by/?query=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.unicode.org/copyright.html.
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.voidspace.org.uk/python/mock/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.walla.co.il/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?e=hew&q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.webmproject.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://www.webrtc.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.winimage.com/zLibDllr
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.wolframalpha.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.yahoo.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.yamli.com/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://www.yamli.com/favicon.icohttp://www.yamli.com/#q=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://xmlsoft.org
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://xmlsoft.org/XSLT
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/Registering
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://yandex.ua/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: http://zlib.net/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: http://zoznam.sk/favicon.ico
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://android.googlesource.com/platform/development/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://android.googlesource.com/platform/frameworks/support
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://android.googlesource.com/platform/ndk/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://android.googlesource.com/platform/packages/apps/Settings/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://boringssl.googlesource.com/boringssl
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=28885
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=62218
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://chrome.google.com/extensions
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/third_party/hwcplus/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://clients1.google.com/translate_a/t
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/tools/service/npredir?r=chrometips_win&hl=current_tip0aY
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://clients2.googleusercontent.com/crx/download
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://clients4.google.com/chrome-syncwww.google.comLSID
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://clients4.google.com/firefox/metrics/collectUninstall
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=112508
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://code.google.com/p/cld2/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://code.google.com/p/omaha/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://code.google.com/p/sctp-refimpl/source/browse/trunk/COPYRIGHT)
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://codereview.chromium.org/530663002/
Source: L2vnH5.exe.tmp, 00000006.00000003.2055932249.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://cps.trust-provider.com0L
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://crashpad.googlecode.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.3052739820.000000000544F000.00000004.00000001.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: L2vnH5.exe.tmp, 00000006.00000003.3052739820.000000000544F000.00000004.00000001.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: L2vnH5.exe.tmp, 00000006.00000003.3052739820.000000000544F000.00000004.00000001.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1524/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1526/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://datatracker.ietf.org/ipr/1914/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://dl-ssl.google.com/chrome/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://dl-ssl.google.com/chrome/https://tools.google.com/chrome/https://clients2.googleusercontent.
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://dl-ssl.google.com/edgedl/chrome/plugins/plugins2.xml
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://git.gnome.org/browse/libsecret/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Kerrick/readability-js
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/chromium/dom-distiller
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/domokit/mojo
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/erikdoe/ocmock
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/google/brotli
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/544
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/google/leveldb.git
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/google/woff2
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/googlei18n/google-input-tools.git
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/googlei18n/libaddressinput
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/liblouis/liblouis
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/martine/webtreemap
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/mbostock/d3
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/natduca/py_trace_event
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/rentzsch/mach_override
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/simplejson/simplejson
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/tartley/colorama.git
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://github.com/web-animations/web-animations-js
Source: voVnFsOaJK.exe, 00000000.00000002.1936379969.0000000004001000.00000020.00020000.sdmpString found in binary or memory: https://l2vn.com/tin-tuc/Grand-Crusade-Huong-Dan-Tan-Thu-1136/#main
Source: voVnFsOaJK.exe, 00000000.00000002.1936379969.0000000004001000.00000020.00020000.sdmpString found in binary or memory: https://l2vn.com/tin-tuc/Grand-Crusade-Huong-Dan-Tan-Thu-1136/#mainU
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://pypi.python.org/pypi/Markdown
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://pypi.python.org/pypi/bintrees/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://pypi.python.org/pypi/coverage
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_test
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/newkey?client=%s&appver=%s&pver=2.2
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://silver.arm.com/download/Software/Graphics/OX000-BU-00010-r1p0-00bet0/OX000-BU-00010-r1p0-00b
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://sites.google.com/site/stpfastprover
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://source.android.com/
Source: L2vnH5.exe.tmp, 00000006.00000003.2336411111.0000000005100000.00000004.00000001.sdmpString found in binary or memory: https://sourceforge.net/project/?group_id=1519
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://tools.google.com/chrome/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/accounts/
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/accounts/Check
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/accounts/NewAccount?service=chromiumsync
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/accounts/NewAccount?service=chromiumsynchttp://www.google.com/support/account
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/accounts/ServiceLogin
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/accounts/ServiceLoginCheck
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/loc/json
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com:443/accounts/ClientLogin
Source: L2vnH5.exe.tmp, 00000006.00000003.2240017069.0000000005116000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com:443/accounts/ClientLoginBookmarkSyncSettings.sqlite3

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)
Source: L2vnH5.exe.tmp, 00000006.00000003.2475918914.0000000005100000.00000004.00000001.sdmp Binary or memory string: DirectDrawCreateEx

Spam, unwanted Advertisements and Ransom Demands:

barindex
Writes many files with high entropyShow sources

System Summary:

PE file contains strange resources
Source: voVnFsOaJK.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: voVnFsOaJK.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: L2vnH5.exe.6.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: L2vnH5.exe.6.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
PE file has an invalid certificate
Source: voVnFsOaJK.exe Static PE information: invalid certificate
Reads the hosts file
Source: C:\Users\user\Desktop\voVnFsOaJK.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\voVnFsOaJK.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\L2vnH5.exe.tmp File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\L2vnH5.exe.tmp File read: C:\Windows\System32\drivers\etc\hosts
Sample file is different than original file name gathered from version info
Source: voVnFsOaJK.exe, 00000000.00000002.1936320386.0000000003CC0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemswsock.dll.muij% vs voVnFsOaJK.exe
Source: voVnFsOaJK.exe, 00000000.00000002.1933704622.00000000021F0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs voVnFsOaJK.exe
Tries to load missing DLLs
Source: C:\Users\user\Desktop\voVnFsOaJK.exe Section loaded: wow64log.dll
Source: C:\Users\user\Desktop\L2vnH5.exe.tmp Section loaded: wow64log.dll
Yara signature match
Source: C:\Users\user\Desktop\L2vnH5\libcef.dll, type: DROPPED Matched rule: Datper author = JPCERT/CC Incident Response Group, description = detect Datper in memory, rule_usage = memory scan, reference = https://blogs.jpcert.or.jp/en/2017/08/detecting-datper-malware-from-proxy-logs.html
Classification label
Source: classification engine Classification label: mal80.rans.evad.winEXE@3/389@2/1
Creates files inside the user directory
Source: C:\Users\user\Desktop\voVnFsOaJK.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\files.lst[1].lz
Parts of this application are using Borland Delphi (probably coded in Delphi)
Source: C:\Users\user\Desktop\voVnFsOaJK.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\L2vnH5.exe.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Reads software policies
Source: C:\Users\user\Desktop\voVnFsOaJK.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
SQL strings found in memory and binary data
Sample is known by Antivirus
Source: voVnFsOaJK.exe Virustotal: Detection: 30%
Spawns processes
Source: unknown Process created: C:\Users\user\Desktop\voVnFsOaJK.exe 'C:\Users\user\Desktop\voVnFsOaJK.exe'
Source: unknown Process created: C:\Users\user\Desktop\L2vnH5.exe.tmp C:\Users\user\Desktop\L2vnH5.exe.tmp
Source: C:\Users\user\Desktop\voVnFsOaJK.exe Process created: C:\Users\user\Desktop\L2vnH5.exe.tmp C:\Users\user\Desktop\L2vnH5.exe.tmp
Writes ini files
Source: C:\Users\user\Desktop\L2vnH5.exe.tmp File written: C:\Users\user\Desktop\L2vnH5\L2.ini
Found graphical window changes (likely an installer)
Source: Window Recorder Window detected: More than 3 window changes detected
Submission file is bigger than most known malware samples
Source: voVnFsOaJK.exe Static file information: File size 8016392 > 1048576
PE file has a big raw section
Source: voVnFsOaJK.exe Static PE information: Raw size of .l2vn1 is bigger than: 0x100000 < 0x712c00
Binary contains paths to debug symbols
Source: Binary string: DSETUP.pdb source: L2vnH5.exe.tmp, 00000006.00000003.2537666435.0000000005100000.00000004.00000001.sdmp
Source: Binary string: Couldn't loadLoaded%s%s%s%s%s.pdbOMAPFROMOMAPTOFPOPDATAXDATA%s %s source: L2vnH5.exe.tmp, 00000006.00000003.2528036342.0000000005100000.00000004.00000001.sdmp
Source: Binary string: D3DCompiler_47.pdb* source: L2vnH5.exe.tmp, 00000006.00000003.2466782440.0000000005100000.00000004.00000001.sdmp
Source: Binary string: c:\Documents and Settings\ghiebert\My Documents\prog\openal\OpenAL-Windows\Router\Release\OpenAL32.pdb source: L2vnH5.exe.tmp, 00000006.00000003.2534381252.0000000005100000.00000004.00000001.sdmp
Source: Binary string: D3DCompiler_43.pdb source: L2vnH5.exe.tmp, 00000006.00000003.2435551032.0000000005100000.00000004.00000001.sdmp
Source: Binary string: D:\PERFORCE\OTC_EP40_0907\Client\System\PDBFiles\L2CefSubProcess.pdbI source: L2vnH5.exe.tmp, 00000006.00000003.3061552238.0000000005100000.00000004.00000001.sdmp
Source: Binary string: D3DCompiler_47.pdb source: L2vnH5.exe.tmp, 00000006.00000003.2466782440.0000000005100000.00000004.00000001.sdmp
Source: Binary string: d3dx9_40.pdb source: L2vnH5.exe.tmp, 00000006.00000003.2513227568.0000000005100000.00000004.00000001.sdmp
Source: Binary string: d3dx9_40.pdbdC> source: L2vnH5.exe.tmp, 00000006.00000003.2513227568.0000000005100000.00000004.00000001.sdmp
Source: Binary string: D3DCompiler_43.pdb` source: L2vnH5.exe.tmp, 00000006.00000003.2435551032.0000000005100000.00000004.00000001.sdmp
Source: Binary string: .pdb.dbg%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X age: %X source: L2vnH5.exe.tmp, 00000006.00000003.2528036342.0000000005100000.00000004.00000001.sdmp
Source: Binary string: D:\PERFORCE\OTC_EP40_0907\Client\System\PDBFiles\L2CefSubProcess.pdb source: L2vnH5.exe.tmp, 00000006.00000003.3061552238.0000000005100000.00000004.00000001.sdmp
Source: Binary string: c:\test\beecrypt\Release\beecrypt.pdb source: L2vnH5.exe.tmp, 00000006.00000003.2316069543.0000000005100000.00000004.00000001.sdmp
Source: Binary string: dbghelp.pdb source: L2vnH5.exe.tmp, 00000006.00000003.2528036342.0000000005100000.00000004.00000001.sdmp
Source: Binary string: E:\Win-2357\download\chromium\src\out\Release\ffmpegsumo.dll.pdb source: L2vnH5.exe.tmp, 00000006.00000003.2745628865.0000000005100000.00000004.00000001.sdmp
Source: Binary string: c:\test\beecrypt\Release\beecrypt.pdbh source: L2vnH5.exe.tmp, 00000006.00000003.2316069543.0000000005100000.00000004.00000001.sdmp

Data Obfuscation:

Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .l2vn1
PE file contains sections with non-standard names
Source: voVnFsOaJK.exe Static PE information: section name: .l2vn0
Source: voVnFsOaJK.exe Static PE information: section name: .l2vn1
Source: L2vnH5.exe.6.dr Static PE information: section name: .l2vn0
Source: L2vnH5.exe.6.dr Static PE information: section name: .l2vn1

Persistence and Installation Behavior:

Drops PE files

Hooking and other Techniques for Hiding and Protection:

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Malware Analysis System Evasion:

Query firmware table information (likely to detect VMs)
Source: C:\Users\user\Desktop\voVnFsOaJK.exe; System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\L2vnH5.exe.tmp; System information queried: FirmwareTableInformation
Tries to detect debuggers by setting the trap flag for special instructions
Source: C:\Users\user\Desktop\voVnFsOaJK.exe; Special instruction interceptor: First address: 4a740b4 instructions rdtsc
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: voVnFsOaJK.exe, 00000000.00000002.1936561107.00000000040A0000.00000020.00020000.sdmp; Binary or memory string: SBIEDLL.DLL
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\voVnFsOaJK.exe; RDTSC instruction interceptor: First address: 4551fab second address: 41f82da instructions: 0x00000000 rdtsc 0x00000002 sub ebp, 00000008h 0x00000008 mov dword ptr [ebp+00h], edx 0x0000000c clc 0x0000000d mov dword ptr [ebp+04h], eax 0x00000010 not al 0x00000012 sar ax, FFDCh 0x00000016 dec ah 0x00000018 sub edi, 00000004h 0x0000001e jmp 00007FADE0BB55E3h 0x00000023 mov eax, dword ptr [edi] 0x00000025 test edx, edx 0x00000027 cmp edi, edx 0x00000029 xor eax, ebx 0x0000002b jmp 00007FADE0DDC90Dh 0x00000030 inc eax 0x00000031 test cl, FFFFFFAEh 0x00000034 cmc 0x00000035 bswap eax 0x00000037 neg eax 0x00000039 cmc 0x0000003a jmp 00007FADE0DD4737h 0x0000003f rol eax, 03h 0x00000042 cmc 0x00000043 test bp, si 0x00000046 xor ebx, eax 0x00000048 add esi, eax 0x0000004a jmp 00007FADE125B4FCh 0x0000004f jmp 00007FADE0B58F07h 0x00000054 lea eax, dword ptr [esp+60h] 0x00000058 jmp 00007FADE11CFF9Ah 0x0000005d cmp ebp, eax 0x0000005f ja 00007FADE0B713E1h 0x00000065 push esi 0x00000066 ret 0x00000067 mov ecx, dword ptr [ebp+00h] 0x0000006b rdtsc
Found dropped PE file which has not been started or loaded
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: L2vnH5.exe.tmp, 00000006.00000003.3052526508.00000000053A4000.00000004.00000001.sdmp; Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: L2vnH5.exe.tmp, 00000006.00000003.2358545939.0000000005100000.00000004.00000001.sdmp; Binary or memory string: HGFsB
Source: L2vnH5.exe.tmp, 00000006.00000003.2745628865.0000000005100000.00000004.00000001.sdmp; Binary or memory string: xvmcidct
Source: L2vnH5.exe.tmp, 00000006.00000003.3052526508.00000000053A4000.00000004.00000001.sdmp; Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: L2vnH5.exe.tmp, 00000006.00000003.2745628865.0000000005100000.00000004.00000001.sdmp; Binary or memory string: VMware Screen Codec / VMware Video
Queries a list of all running processes
Source: C:\Users\user\Desktop\voVnFsOaJK.exe; Process information queried: ProcessInformation

Anti Debugging: