Analysis Report presentation.jar

Overview

General Information

Sample Name: presentation.jar
Analysis ID: 403821
MD5: 6c5e7908c3a06aafd6dcebc8a2dcb674
SHA1: d094aef9d24e13ab70f2ef767242be554ed855ae
SHA256: cb8b20c28a0ac697b6f5bd430bd86762f6b9ef635428fe3fe77e174b172ac6f4

Detection

Ursnif
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Exploit detected, runtime environment dropped PE file
Exploit detected, runtime environment starts unknown processes
Sigma detected: System File Execution Location Anomaly
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • cmd.exe (PID: 6680 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 6696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • java.exe (PID: 6732 cmdline: 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar' MD5: 28733BA8C383E865338638DF5196E6FE)
      • icacls.exe (PID: 6808 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)
        • conhost.exe (PID: 6820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • iexplore.exe (PID: 6900 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/ MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
        • iexplore.exe (PID: 6976 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6900 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • regsvr32.exe (PID: 3084 cmdline: regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"lang_id": "RU, CN", "RSA Public Key": "C6HtybW6gOadm/yj7zZMo6G6KXFQ4dEp7zHfMW5IRELO0uvqi07MPT6/x9S6litknH+BvSY8WUJSCe++K06Znqzju0G9p4s7vFCRkOmz8D6jF964Fzsv95HaHsXi47+U2GiQ2Gikw0inkLSb2F3I2SWzZYUSFyC2M/2JSO9/RfzN4fQovVmdO23GnRaRT7RQ80xdzZmG/1KSXrPdpz6L0pheEWvnVtXAtJsxn0oJ2Av+YPARe6ceA0vZDing87oj0OaTGGHfCE60e2J7m50kPk40R/wZ5kCD/nJn2jktSyio6o+GuLZKR/fZyVreMHafB6O7UghEGnsrn77tN0EAJaA+F5jMamer1uRrqfAyszw=", "c2_domain": ["app.buboleinov.com", "chat.veminiare.com", "chat.billionady.com", "app3.maintorna.com"], "botnet": "2500", "server": "580", "serpent_key": "ZihFTxUSedu9uCzM", "sleep_time": "10", "SetWaitableTimer_value": "10"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000008.00000003.526878948.00000000002F0000.00000040.00000001.sdmp | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
8.2.regsvr32.exe.3ed0000.1.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
8.3.regsvr32.exe.2f8d23.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |

Sigma Overview

System Summary:

Sigma detected: System File Execution Location Anomaly
Source: Process started, Author: Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community: Data: Command: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine|base64offset|contains: }}, Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6680, ProcessCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ProcessId: 6696

Signature Overview

AV Detection:

Found malware configuration
Source: 8.3.regsvr32.exe.2f8d23.0.raw.unpack, Malware Configuration Extractor: Ursnif
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\broker.dll, ReversingLabs: Detection: 10%
Multi AV Scanner detection for submitted file
Source: presentation.jar, Virustotal: Detection: 22%
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown, HTTPS traffic detected: 13.224.193.90:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.224.193.90:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 143.204.98.25:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 143.204.98.25:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 143.204.98.126:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 143.204.98.126:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 50.87.249.219:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: Binary string: c:\119\Minute\Force_Lead\Apple\oil.pdb source: regsvr32.exe, 00000008.00000002.596564927.0000000003F04000.00000002.00020000.sdmp, broker.dll.2.dr

Software Vulnerabilities:

Exploit detected, runtime environment starts unknown processes
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe, Process created: C:\Program Files\internet explorer\iexplore.exe
Source: Joe Sandbox View, IP Address: 34.202.206.65
Source: Joe Sandbox View, IP Address: 35.181.18.61
Source: Joe Sandbox View, JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View, JA3 fingerprint: d2935c58fe676744fecc8614ee5356c7
Source: unknown, DNS traffic detected: queries for: www.java.com
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.auone.jp/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.de/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.es/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.in/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.it/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.interpark.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://suche.aol.de/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
        Source: java.exe, 00000002.00000002.385608317.0000000016480000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
        Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
        Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
        Source: 1.cache[1].js.6.drString found in binary or memory: http://truste.com/go.htm?dcme
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://web.ask.com/
        Source: java.exe, 00000002.00000002.385608317.0000000016480000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.com
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
        Source: msapplication.xml.5.drString found in binary or memory: http://www.amazon.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.de/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.ask.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
        Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl
        Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
        Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl
        Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
        Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp, java.exe, 00000002.00000002.378777753.0000000004E4E000.00000004.00000001.sdmpString found in binary or memory: http://www.chambersign.org
        Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmpString found in binary or memory: http://www.chambersign.org1
        Source: java.exe, 00000002.00000002.378777753.0000000004E4E000.00000004.00000001.sdmpString found in binary or memory: http://www.chambersign.orgs
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.docUrl.com/bar.htm
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.in/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.br/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.sa/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.tw/
        Source: msapplication.xml1.5.drString found in binary or memory: http://www.google.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.cz/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.de/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.es/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.fr/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.it/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.pl/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.ru/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.google.si/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
        Source: msapplication.xml2.5.drString found in binary or memory: http://www.live.com/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/favicon.ico
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&amp;a=
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
        Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity