Analysis Report vThKdmrohJ

Overview

General Information

Sample Name: vThKdmrohJ (renamed file extension from none to exe)
Analysis ID: 317088
MD5: 1b5ab96e73bd3705a6fdbc32135ba929
SHA1: 920706bc60980a3963dc1675e551816568c342c5
SHA256: bc37a2f91a12bc8c3d0a6bf7d0839d6eeaff1bdb8233a9c6777c56f3f85d5b89
Tags: Gozi

Detection

Ursnif
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Creates a COM Internet Explorer object
Machine Learning detection for sample
Writes or reads registry keys via WMI
Writes registry values via WMI
Antivirus or Machine Learning detection for unpacked file
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains strange resources
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • vThKdmrohJ.exe (PID: 5880 cmdline: 'C:\Users\user\Desktop\vThKdmrohJ.exe' MD5: 1B5AB96E73BD3705A6FDBC32135BA929)
  • iexplore.exe (PID: 5752 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 3480 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5752 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 5632 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 7152 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5632 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 5984 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4604 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5984 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 4544 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6332 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4544 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 6156 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4624 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6156 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 6160 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 7012 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6160 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000003.658228498.0000000003650000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000000.00000003.659421504.0000000003650000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000000.00000003.658862899.0000000003650000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000000.00000003.659293705.0000000003650000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000000.00000003.658369273.0000000003650000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
            Sigma Overview

            No Sigma rule has matched

            Signature Overview

            AV Detection:

            Antivirus detection for URL or domain
            Source: https://vrhgroups.xyz/index.htm | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz/ | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz/index.htmz | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz/index.htmt | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz:443/index.htm | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz/index.htmindex.htm | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz/index.htmBs | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz/index | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz:443/index.htm5$ | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz/index.htmindex.htmm | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz | Avira URL Cloud: Label: phishing
            Source: https://vrhgroups.xyz:443/index.htmI&- | Avira URL Cloud: Label: phishing
            Multi AV Scanner detection for domain / URL
            Source: vrhgroups.xyz | Virustotal: Detection: 6%
            Source: https://vrhgroups.xyz/ | Virustotal: Detection: 8%
            Multi AV Scanner detection for submitted file
            Source: vThKdmrohJ.exe | Virustotal: Detection: 62%
            Source: vThKdmrohJ.exe | Metadefender: Detection: 37%
            Source: vThKdmrohJ.exe | ReversingLabs: Detection: 60%
            Machine Learning detection for sample
            Source: vThKdmrohJ.exe | Joe Sandbox ML: detected
            Source: 0.2.vThKdmrohJ.exe.780000.1.unpack | Avira: Label: TR/Patched.Ren.Gen
            Source: 0.2.vThKdmrohJ.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen

            Networking:

            Creates a COM Internet Explorer object
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAs
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAs
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler
            Source: C:\Users\user\Desktop\vThKdmrohJ.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler
            Source: unknown | DNS traffic detected: query: vrhgroups.xyz replaycode: Name error (3)
            Source: unknown | DNS traffic detected: queries for: vrhgroups.xyz
            Source: vThKdmrohJ.exe | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
            Source: vThKdmrohJ.exe | String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
            Source: vThKdmrohJ.exe | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
            Source: vThKdmrohJ.exe | String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
            Source: vThKdmrohJ.exe | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
            Source: vThKdmrohJ.exe | String found in binary or memory: http://ocsp.comodoca.com0
            Source: vThKdmrohJ.exe | String found in binary or memory: http://ocsp.sectigo.com0
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.in/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.auone.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.es/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.in/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.it/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.interpark.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.aol.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.923844889.0000000005B80000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://web.ask.com/
            Source: iexplore.exe, 0000001B.00000002.923844889.0000000005B80000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.com
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
            Source: msapplication.xml.3.drString found in binary or memory: http://www.amazon.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ask.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.docUrl.com/bar.htm
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.in/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.br/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.sa/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.tw/
            Source: msapplication.xml1.3.drString found in binary or memory: http://www.google.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.cz/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.es/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.fr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.it/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.pl/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.ru/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.si/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
            Source: msapplication.xml2.3.drString found in binary or memory: http://www.live.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&amp;a=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.aol.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.923844889.0000000005B80000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://web.ask.com/
            Source: iexplore.exe, 0000001B.00000002.923844889.0000000005B80000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.com
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
            Source: msapplication.xml.3.drString found in binary or memory: http://www.amazon.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ask.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.docUrl.com/bar.htm
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.in/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.br/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.sa/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.tw/
            Source: msapplication.xml1.3.drString found in binary or memory: http://www.google.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.cz/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.es/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.fr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.it/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.pl/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.ru/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.google.si/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
            Source: msapplication.xml2.3.drString found in binary or memory: http://www.live.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&amp;a=
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mtv.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.mtv.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.myspace.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.najdi.si/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.najdi.si/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.nate.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.neckermann.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.neckermann.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.news.com.au/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.nifty.com/favicon.ico
            Source: msapplication.xml3.3.drString found in binary or memory: http://www.nytimes.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.orange.fr/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.otto.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.recherche.aol.fr/
            Source: msapplication.xml4.3.drString found in binary or memory: http://www.reddit.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.servicios.clarin.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.shopzilla.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.sify.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.t-online.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.tiscali.it/favicon.ico
            Source: msapplication.xml5.3.drString found in binary or memory: http://www.twitter.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/favicon.ico
            Source: msapplication.xml6.3.drString found in binary or memory: http://www.wikipedia.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.ya.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www.yam.com/favicon.ico
            Source: msapplication.xml7.3.drString found in binary or memory: http://www.youtube.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&amp;Version=2008-06-26&amp;Operation
            Source: iexplore.exe, 0000001B.00000002.924248174.0000000005C73000.00000002.00000001.sdmp