ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 11 January 2012, 15:47:00
Processing time: 11 min 42 sec
Submitted sample:

File MD5: 0x28A50A39F90FF75FD056E3B92383B317
File SHA-1: 0xEF9A33265A0F6C41DBCA056BE9903A5CA65CA4F5
Filesize: 463,080 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%CommonAppData%\Anti-phishing Domain Advisor\guid.dat	38 bytes	MD5: 0xEA942ADA6150EDF57F1BC2E204D07CAC SHA-1: 0x526D31324AB67C1AEC5C868700AE42AC8E42DC7D	(not available)
2	%CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe %CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe.nsnF.tmp	81,224 bytes	MD5: 0xAFC663475667F86B6EE7A1528F1D7037 SHA-1: 0x409DDA733BEB9728B86FF1ED7C14A265822D4D98	(not available)
3	%CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.dll %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.dll.nsnF.tmp	305,832 bytes	MD5: 0x94E62797BC523FDC07F537AD8DD051FC SHA-1: 0x8E7F0573A61450B03C9940A54A2FDAB86107674D	packed with PE_Patch [Kaspersky Lab]
4	%CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe.nsnF.tmp	206,504 bytes	MD5: 0x972735C0A9A663E22A69B7B8F0646505 SHA-1: 0x3149BEC3325092887868071A563D13B2FA166317	(not available)
5	%AppData%\blekkotb\dtx.ini	15 bytes	MD5: 0xFC8D926D53F9D201E8FED4C5CEB14620 SHA-1: 0x9EDC50F8C7EFA3209BEF6F17A4247A446C1E45D0	(not available)
6	%AppData%\blekkotb\geodata.xml %Temp%\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\geodata.xml	179 bytes	MD5: 0x1C710E1B78242338387D62FD7F57AFD6 SHA-1: 0xF3BF9EFFB611196F6A6A8D4471B941A22720AE44	(not available)
7	%AppData%\blekkotb\guid.dat	38 bytes	MD5: 0xF39F6475EFEBEB75AE83D419FAF3E38E SHA-1: 0x51A6226CF2B9AE2123033FCDA0C2013310A36038	(not available)
8	%AppData%\blekkotb\setupCfg.xml	288 bytes	MD5: 0x8543986E55A90ED15F9BFB90480BEEB4 SHA-1: 0xA40D1FE327F7A68AE45A63BE5ABD25E4A7FB6254	(not available)
9	%Temp%\blekko-manifest.xml %ProgramFiles%\blekkotb\manifest.xml	836 bytes	MD5: 0xFE50F210366C5A1761E294509992F324 SHA-1: 0xAA2505E471C7AD627E7F43AB862F6213FD140773	(not available)
10	%Temp%\ICReinstall\[filename of the sample #1] [file and pathname of the sample #1]	463,080 bytes	MD5: 0x28A50A39F90FF75FD056E3B92383B317 SHA-1: 0xEF9A33265A0F6C41DBCA056BE9903A5CA65CA4F5	packed with UPX [Kaspersky Lab]
11	%Temp%\is1598539481\2090234214.cfg	224 bytes	MD5: 0x4661EE532F36D9EC4B9FD3A4BC1F5EA5 SHA-1: 0x439CE6BDCC40A45E60CB7A62670E2DC23C76BB11	(not available)
12	%Temp%\is1598539481\2112289995.cfg	224 bytes	MD5: 0x1274D09C63D7D37C5E4FB44E31B891BA SHA-1: 0xEDD252EFBAB6B499CB2CD0E0A16B741278D29AF7	(not available)
13	%Temp%\is1598539481\52370_Setup.DAT %MyDocuments%\djdec312a.zip	6,182,304 bytes	MD5: 0xBC21FCD8B6FF610C0D925532787687D2 SHA-1: 0x20CABCD7FEF872E373E392243D0D2D02EABB7BD1	(not available)
14	%Temp%\is1598539481\52394_Setup.CIS	1,966,710 bytes	MD5: 0x45AFB9F184DBE3560061CE4B8B023014 SHA-1: 0xB397D6782680ED9F8FF1896DB8F8DFF83EE11F19	(not available)
15	%Temp%\is1598539481\blekkoTb_1.0.0.8.exe	2,018,856 bytes	MD5: 0xEE14CEFE649B021837FA22F1A263B13D SHA-1: 0xB6996074DF99A15CD1B9B22484F4BD05C0F3C868	(not available)
16	%Temp%\ish210562\css\buttons.css	1,238 bytes	MD5: 0xE10BA3C9C951F5555528C9B291334879 SHA-1: 0xE231BE4624910387AAAE4301D856DAB528F8522C	(not available)
17	%Temp%\ish210562\css\ie6_main.css	475 bytes	MD5: 0xEC8BC9B61645C661B1BD3DCC8F781B30 SHA-1: 0x96D9124BF9D0D0F2E343A372ED3460F9F0C2A7CA	(not available)
18	%Temp%\ish210562\css\main.css	4,562 bytes	MD5: 0x1D7B7D4B58AE79B4C4CADDE36B409242 SHA-1: 0xE3531BB7B293DD813C4B1A5481E71CB40B0E316A	(not available)
19	%Temp%\ish210562\css\progress-bar.css	508 bytes	MD5: 0xE1FCF8B6066AF9A266AE34738ED5C000 SHA-1: 0x4D1079CCDFE311B77177BED54163C7CC73D7D1BE	(not available)
20	%Temp%\ish210562\defaultOffer\ad_html.txt	233 bytes	MD5: 0xE321D82C7629CFB1D714779402DD23DD SHA-1: 0xD8560FE919A0F62DBCA5FAE957654F34E4D2F065	(not available)
21	%Temp%\ish210562\defaultOffer\images\techtracker.jpg	26,693 bytes	MD5: 0x199832D24E8AA5EC99AE079E8BB5B1E7 SHA-1: 0x8DE13A46F38035B0D02E27A0656CC1E584787807	(not available)
22	%Temp%\ish210562\defaultOffer\TechTracker\TechTracker_code.txt	2,966 bytes	MD5: 0xE695AFF87DE58D140142A47F4F4BA207 SHA-1: 0xE09D03AEE8B62B6AB56C7B7A2F1956A8BDA74CD1	(not available)
23	%Temp%\ish210562\defaultOffer\TechTracker\TechTracker_html.txt	1,021 bytes	MD5: 0xD60E47EEE106B761F7D7676CE8E12A2D SHA-1: 0x2A458683BA295C7DB0A6615E8CDB567B79F2C4FD	(not available)
24	%Temp%\ish210562\images\green_btn.png	485 bytes	MD5: 0xB570EA77375823BE8510C0F27768ED62 SHA-1: 0x096ED270C93AD811039738B7FB53E05EAAE7F4BB	(not available)
25	%Temp%\ish210562\images\grey_btn.png	360 bytes	MD5: 0x501821D95E958528FED4747E4190B39F SHA-1: 0x70E3C15D3CE5853A67AA741EC701D3AF307D7BD9	(not available)
26	%Temp%\ish210562\images\loader.gif	7,791 bytes	MD5: 0xEDB71146254D3B8EBAE18607E801398C SHA-1: 0x8775027DA6F6CC19C72D20C7F1615A01112E5D3C	(not available)
27	%Temp%\ish210562\images\main.png	22,145 bytes	MD5: 0x1A2AD75C0AF449D5719473655EF5AF04 SHA-1: 0x82C5BA738B9CD2508EA2D69DA7985D586A4F0DCA	(not available)
28	%Temp%\ish210562\images\offer_box2.png	3,024 bytes	MD5: 0x61F74251810068CB9EDAEAADA3C50D29 SHA-1: 0x3B779B8E723CA1E1E73AC534A2D415A18FB2DB6E	(not available)
29	%Temp%\ish210562\images\pause_btn.png	982 bytes	MD5: 0x14B92CBE22EF5A31A5533D0AB114537E SHA-1: 0xE428F1B0236F7A85FAF045237A7CD29A305D936C	(not available)
30	%Temp%\ish210562\images\prod-icon.png	4,622 bytes	MD5: 0xEF430C7CB8DAD930F9E51941593B2AF2 SHA-1: 0x03CA0848FD18014781B7C1DA5064A761E1F317F8	(not available)
31	%Temp%\ish210562\images\progress_bar.png	456 bytes	MD5: 0x26588A39E960E2F5BA70FC082A8F02AF SHA-1: 0x116B62C07995D60F9BFC492296CC9C5C5A1AD26A	(not available)
32	%Temp%\ish210562\images\resume_btn.png	985 bytes	MD5: 0x05E22E0225F53B69A44B443540C20324 SHA-1: 0xAF5EB7EBF4F053B17D19A678EC84C329E632B2DF	(not available)
33	%Temp%\ish210562\images\secure_dwnl.png	2,862 bytes	MD5: 0x6F2B1F7689B06EEF2D9C4E5E00B9EE2E SHA-1: 0xBDB0B30006AF53427194EA79F0615992CB84A99B	(not available)
34	%Temp%\ish210562\images\welcome_prod_box.png	1,593 bytes	MD5: 0x93791BDB5453514A501AD84985B69824 SHA-1: 0x4FD167C14DDBC76472082C3C5ADB37052C96D6C0	(not available)
35	%Temp%\ish210562\images\zip_icon.png	943 bytes	MD5: 0xA17CADDBEE24EF3FFB3DAA1D12EF3933 SHA-1: 0x728D11A32C5610D0362E9AED32F6F376CAD937DF	(not available)
36	%Temp%\ish210562\locale\EN.locale	2,450 bytes	MD5: 0x5128DACAA4884C07897B2A14E924CE2D SHA-1: 0x383A9A3F9EC01FA528A206802F75518638D79669	(not available)
37	%Temp%\ish210562\mask.bmp.Mask	196 bytes	MD5: 0x6A385B06B6108CD109828A9F5F9FBE4C SHA-1: 0x8003481E740E7E02F32DF1C6866E0809BF59B1A9	(not available)
38	%Temp%\ish210562\sdk\exceptlist.txt	34 bytes	MD5: 0xF01863CCE9F2A2E4DCEF02F285E561AF SHA-1: 0xE2CBA65BE3F487E3760CF8D9247D3F4F73FF8174	(not available)
39	%Temp%\nsjB.tmp\nsProcess.dll %Temp%\nst4.tmp\nsProcess.dll	4,096 bytes	MD5: 0x05450FACE243B3A7472407B999B03A72 SHA-1: 0xFFD88AF2E338AE606C444390F7EAAF5F4AEF2CD9	(not available)
40	%Temp%\nsjB.tmp\UAC.dll %Temp%\nst4.tmp\UAC.dll	16,896 bytes	MD5: 0x0D422E0C03A7D9428C6C02175D7DC9F8 SHA-1: 0x5E13D49521CFBBE52CD74DE8E1682789F0268969	(not available)
41	%Temp%\nsl8.tmp %Temp%\nsnF.tmp	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
42	%ProgramFiles%\blekkotb\auxi\blekkoAu.dll	262,312 bytes	MD5: 0xD06A34921074D63738EA24132C480ED6 SHA-1: 0xB3402372D016ACBB8316D636A1128C12A2E51472	(not available)
43	%ProgramFiles%\blekkotb\auxi\config.xml	274 bytes	MD5: 0xFF80E6EED0C0FA47511DFE6B3B079677 SHA-1: 0xFB09E96F021D2081F95E27F2F95946BA438D06A1	(not available)
44	%ProgramFiles%\blekkotb\blekkoDx.dll	86,696 bytes	MD5: 0x1F3B9565FA09E0CC5B64E7E05FBB7F54 SHA-1: 0x99F29887D65EBDEBC6F8CEFCF2397676710DB184	(not available)
45	%ProgramFiles%\blekkotb\blekkotb.dll	438,952 bytes	MD5: 0xC4EB7AD8C3D55BE6E4251F69360D5C38 SHA-1: 0x793E4A85357DC0DC9101971F156156BFCD7B625C	(not available)
46	%ProgramFiles%\blekkotb\chrome\content\custom.js	10,010 bytes	MD5: 0xCD8B856FA62B41684564EB48FD6010E6 SHA-1: 0x8EC18EC1669D43D1816926DC0440AB06FD89A8DC	(not available)
47	%ProgramFiles%\blekkotb\chrome\content\lib\about.xml	4,921 bytes	MD5: 0x066A271DC0C17AFC6FF0A3F091C9902A SHA-1: 0x6480FB2E8510D4F778CA5F012860F892617A83BA	(not available)
48	%ProgramFiles%\blekkotb\chrome\content\lib\dtxpanel.xul	573 bytes	MD5: 0x95EC17707A727FD33987BE7A07194E92 SHA-1: 0x2526B93671448EBBB03818DE9B57FBEE75CE561A	(not available)
49	%ProgramFiles%\blekkotb\chrome\content\lib\dtxpaneltransparent.xul	653 bytes	MD5: 0x239C5696C7BB0580A6CB81A077253AC0 SHA-1: 0x9314294B26FDD45823445211EAD848E4A133EEC4	(not available)
50	%ProgramFiles%\blekkotb\chrome\content\lib\dtxpanelwin.xul	407 bytes	MD5: 0x13CD2406BFF36932421ADA94CFF51556 SHA-1: 0x7C249E08B47E51D7B993875DB028356018CEE468	(not available)
51	%ProgramFiles%\blekkotb\chrome\content\lib\dtxprefwin.xul	307 bytes	MD5: 0x65A2F4FC8403318A42176E623853E322 SHA-1: 0x9BA85F8C0715A7A96D9E1807394BD4EB3345CD0B	(not available)
52	%ProgramFiles%\blekkotb\chrome\content\lib\dtxtransparentwin.xul	657 bytes	MD5: 0x2E3B30A89A70544F13F8E8A2048D32ED SHA-1: 0xB35227B784CA041DC34AF2F2305B8579D0E71EE6	(not available)
53	%ProgramFiles%\blekkotb\chrome\content\lib\dtxwin.xul	387 bytes	MD5: 0xC02FA8EF5FF25FC99F4C8591223E248A SHA-1: 0xBBF2A613D4C430AD3D23CAE7E8BFB580CD55C12C	(not available)
54	%ProgramFiles%\blekkotb\chrome\content\lib\emailnotifierproviders.xml	1,639 bytes	MD5: 0xE842A242EDE1EA20759503A099052D38 SHA-1: 0xCA593FA3E5E4AB0D5B247F96E78E0015CCD2608B	(not available)
55	%ProgramFiles%\blekkotb\chrome\content\lib\external.js	552,224 bytes	MD5: 0x8F93105CE9F92D7A532B35EC67E32831 SHA-1: 0x59412F51A04D729C132B5CC8DC66D04D0E21185A	packed with JSPack [Kaspersky Lab]
56	%ProgramFiles%\blekkotb\chrome\content\lib\neterror.xhtml	344 bytes	MD5: 0xF1D321A9DA995A49E2598A93AB98A2A3 SHA-1: 0x0622F31733225F4D036D63D0AA534104B8B53081	(not available)
57	%ProgramFiles%\blekkotb\chrome\content\lib\rsspreview.html	241 bytes	MD5: 0x300D38768E03CEE1C370445BBED68D8C SHA-1: 0xC3D74B867681F0C22E0C03E93D999C7002042473	(not available)
58	%ProgramFiles%\blekkotb\chrome\content\lib\rsswin.xml	2,602 bytes	MD5: 0xFFA19686935085E9ADDF613AEACC7E65 SHA-1: 0x8BAC907152C20038539804C28BCD4B6690262E72	(not available)
59	%ProgramFiles%\blekkotb\chrome\content\lib\rsswin.xsl	7,474 bytes	MD5: 0xA8C5A0F0E6A5D0E64DD0178344B97531 SHA-1: 0x16C18DEEF77CADDE15F96E88E90CDDF5D8EADF68	(not available)
60	%ProgramFiles%\blekkotb\chrome\content\modules\datastore.jsm	5,119 bytes	MD5: 0x7A6AEE7DA660ACC949996E85545B90BC SHA-1: 0xDEA859794EBBB5B59996245BC8E1C77BECBD0F2C	(not available)
61	%ProgramFiles%\blekkotb\chrome\content\modules\nsDragAndDrop.js	22,187 bytes	MD5: 0x9331B476499A8BDDE92248B7B4C43CB6 SHA-1: 0x7A2313EED6F18A613D9FB73DB1A321E1DBA0D3C3	(not available)
62	%ProgramFiles%\blekkotb\chrome\content\newtab\images\btn_search.gif	2,671 bytes	MD5: 0x3A34F255095637382ABB7479C71A0EA7 SHA-1: 0xF40BA3A9C06AF7D63D8EB9A3EB3EA355D553C426	(not available)
63	%ProgramFiles%\blekkotb\chrome\content\newtab\images\bullet.gif	45 bytes	MD5: 0xDA1A3193AE2D96A96DBDB8E93921D201 SHA-1: 0x256D453A9A10BE1927EFA0A461BAB1C6A016FA36	(not available)
64	%ProgramFiles%\blekkotb\chrome\content\newtab\images\field_bg.gif	389 bytes	MD5: 0xB29878732B5BB33457F55CF5977C9448 SHA-1: 0xED7F9BAEF341536D53D30B7D9EFE59EED33727E2	(not available)
65	%ProgramFiles%\blekkotb\chrome\content\newtab\images\powered_by_yahoo.gif	1,029 bytes	MD5: 0x0854AF6254DC1C7040B2B2EC57FD135F SHA-1: 0xB5276943EB659F8A2806CEF454BA3A82C176D59A	(not available)
66	%ProgramFiles%\blekkotb\chrome\content\newtab\newtab.html	6,733 bytes	MD5: 0x1A0AA63F592A2BFE02FF946EFDF7C40F SHA-1: 0xE417D6CC817B214A60FA429F9062B0D94C29530D	(not available)
67	%ProgramFiles%\blekkotb\chrome\content\preferences.xml	663 bytes	MD5: 0xF7725A8FD65327FBD2DC578958D4FB2D SHA-1: 0x70A6589C6B66C55439B0A02359A20342E27A8BF3	(not available)
68	%ProgramFiles%\blekkotb\chrome\content\toolbar.htm	631 bytes	MD5: 0xBAFF789DC96EB9843679D135E865C0D0 SHA-1: 0xEC898E42152CED6B02120CEC7A4B16E177D695E7	(not available)
69	%ProgramFiles%\blekkotb\chrome\content\toolbar.xul	553,000 bytes	MD5: 0x251AA7D114C729C0A44543339B3D978E SHA-1: 0x512BD7BAD1B8A4E55FD1B30D5733D12B106F6689	(not available)
70	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css	4,617 bytes	MD5: 0x85E442DB22E79AB9A933EE1661694957 SHA-1: 0xCB077C2427AA303E157E834C7B777FBF36C2ACFF	(not available)
71	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png	216 bytes	MD5: 0x93A9594D662E46C469CCE305BEE633A4 SHA-1: 0x72D66435320059EAB467384D21D683D4A7BED133	(not available)
72	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif	175 bytes	MD5: 0x41F85B4A728F76041B5E261A62CDE981 SHA-1: 0xB1D1AEC331B43A1E76C635AC67350A3DC10B84D9	(not available)
73	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif	120 bytes	MD5: 0x2AFDE8BF7BF1E50285E272DA05FC4C3E SHA-1: 0x73E5809B0ED33E7181F8A57295722CD9861E6844	(not available)
74	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif	1,814 bytes	MD5: 0xA49CFBDF6ACEF6B36406F9BAA738B002 SHA-1: 0x36E6A2A512A7D9EE1FBA3B0D9511BCA3D3196AD3	(not available)
75	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png	1,457 bytes	MD5: 0xA5E46071EFDD952C700009C5855BAB21 SHA-1: 0xC93D0243F09120CCD15AB52D4E566B0BADB589DE	(not available)
76	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png	1,981 bytes	MD5: 0xBD29344AE6BECAE4821196BD0D8FFFB9 SHA-1: 0x7E527903E3187EC1A1336FC62286C0C6C7FBD654	(not available)
77	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif	4,176 bytes	MD5: 0xEBDFC31F9FBC9848AB637C12D0119A9A SHA-1: 0x4D4DDDED1F429530E8205D1950D781FA4F32E1FF	(not available)
78	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html	612 bytes	MD5: 0xECF47C985F922B4353D3A5D98DA1075E SHA-1: 0x1EFE6335FFA8B2FCA0683FD684585CBEB073CB11	(not available)
79	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css	3,528 bytes	MD5: 0x3EE900FB5A9C90984D4C180A7ACFACCD SHA-1: 0x95673F8432F16BDAD731E5557BED13E22B3B1DA2	(not available)
80	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png	126 bytes	MD5: 0x2002588119B8478D19ADC51FAEB45D21 SHA-1: 0xAEC019679F1F8BAFA8D0C769AFB1DFD4410769D6	(not available)
81	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif	1,782 bytes	MD5: 0x66C3F2AC382ACCEEB14C8DDE57112ACB SHA-1: 0x0171D81A90D80BDAD85898AA2617CC49C7CF5637	(not available)
82	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png	49,773 bytes	MD5: 0xDFA0C68826162BFCC1C493624B0B0082 SHA-1: 0xD6346F7DA4120F21E032D05D7393C6A32A15D13D	(not available)
83	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png	49,488 bytes	MD5: 0xE144769EA9E6693E289FFFADE417E4AB SHA-1: 0x10816B3437FE23C20A97B04B95F9873E28F6AF5E	(not available)
84	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png	48,603 bytes	MD5: 0x5D8C66D3034CB36A07C953D70ED4B916 SHA-1: 0xBAFAC8282C7C7CADD221367E25FD9E2F17F0759A	(not available)
85	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif	352 bytes	MD5: 0xEE7EEE8F8D078C61E6B9456CCDF0C474 SHA-1: 0xF635571BB9A2B97076325479719E600153734AEB	(not available)
86	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png	48,031 bytes	MD5: 0x3E92D10248D63067AAF9A04DA1A3552C SHA-1: 0x0EF9181C9716DFD951BF22A0F3F6B8F0A4A60D7B	(not available)
87	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif %ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif	49 bytes	MD5: 0x3D045B93716ED28DC745E648B3428A26 SHA-1: 0x36955B7E83FF9F5053CF23BD870D720A598C53AA	(not available)
88	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png	47,079 bytes	MD5: 0x1C7F55510E4E46B860CB222DA1929C0A SHA-1: 0xA3752B714C5EC92D257B9C5B896CED3477B4901E	(not available)
89	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png	46,958 bytes	MD5: 0x8162076754549379792A547C3311C378 SHA-1: 0x6732B7BD38760365C69EB0D70B5E5F5004929670	(not available)
90	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right-resize.png	47,489 bytes	MD5: 0xDBD5065675A6CC342A11D8FEE6B88D5A SHA-1: 0xD6C511CCDC9E7234C0BDE79A6CFB8E624AFC4515	(not available)
91	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right.png	47,636 bytes	MD5: 0xCD53D3762AA6B723AAE781373721EA80 SHA-1: 0x3B9E2F8264AC2ADB4FFEE0989E9272CA295ECAE2	(not available)
92	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\main.html	2,856 bytes	MD5: 0xFFA2F6EE4A3F0A13D085D09D9ABB712B SHA-1: 0x0D30B05983F431A3C5A28D21902D325268640BAC	(not available)
93	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts\defscript.js	2,390 bytes	MD5: 0x3527161C8F5DFD37D49F0B0EADCF7403 SHA-1: 0x65E5690F506135E959AFF69CD07ACEBC9F0B1942	(not available)
94	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\tb_icon.png	4,818 bytes	MD5: 0x918686D72A439180526EFCD414317572 SHA-1: 0x881083754A42DB4C8A9FEBFDEC452725D94BF714	(not available)
95	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.js	5,127 bytes	MD5: 0xA41D6454F475B4451F43C2AC52002196 SHA-1: 0xEAAED04B8DE93CCF04082811C7CE9587917E44D3	(not available)
96	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.xml	1,196 bytes	MD5: 0xC6A647DE027EE696D3DE66328E8D1A14 SHA-1: 0xF4098AE5A7A94F526F24C27BFD1524798CCA6B15	(not available)
97	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget_version.txt %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt	36 bytes	MD5: 0xF6C6316F6B7F67942128A9A3CB1FE2BC SHA-1: 0xA8680D3E5A7FF7410BAB65C34BF502A5F3892F2E	(not available)
98	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\.project	226 bytes	MD5: 0x14B1DBB1DFAF08C24DA9CC9AC4BC6BC7 SHA-1: 0x077D8AF50E3D7CC7ACEFCBD5678DAA9DFEB7A3FE	(not available)
99	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css	1,384 bytes	MD5: 0x65FEF1695058DEE1B3B31007CCB17BD7 SHA-1: 0x5D9901E2759645FB8DB4FD982C21E82B7918DD55	(not available)
100	%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png	1,167 bytes	MD5: 0xEE3F6AFEA4E00BB294646D32E5E48FBE SHA-1: 0x6EBC89A31DAB06A0741B053F2B57BCA9DAF4061B	(not available)

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.

The following directories were created:

%Temp%\ish210562
%Temp%\nsjB.tmp
%CommonAppData%\Anti-phishing Domain Advisor
%AppData%\blekkotb
%Temp%\ICReinstall
%Temp%\is1598539481
%Temp%\ish210562\css
%Temp%\ish210562\defaultOffer
%Temp%\ish210562\defaultOffer\images
%Temp%\ish210562\defaultOffer\TechTracker
%Temp%\ish210562\images
%Temp%\ish210562\locale
%Temp%\ish210562\sdk
%Temp%\nst4.tmp
%Temp%\{26c9e18c-3717-4be1-a225-04e4471f5b6e}
%ProgramFiles%\blekkotb
%ProgramFiles%\blekkotb\auxi
%ProgramFiles%\blekkotb\chrome
%ProgramFiles%\blekkotb\chrome\content
%ProgramFiles%\blekkotb\chrome\content\lib
%ProgramFiles%\blekkotb\chrome\content\modules
%ProgramFiles%\blekkotb\chrome\content\newtab
%ProgramFiles%\blekkotb\chrome\content\newtab\images
%ProgramFiles%\blekkotb\chrome\content\widgets
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\scripts
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts
%ProgramFiles%\blekkotb\chrome\data
%ProgramFiles%\blekkotb\chrome\data\search
%ProgramFiles%\blekkotb\chrome\skin
%ProgramFiles%\blekkotb\chrome\skin\lib
%ProgramFiles%\blekkotb\chrome\skin\lib\panels
%ProgramFiles%\blekkotb\chrome\skin\lib\panels\css
%ProgramFiles%\blekkotb\chrome\skin\lib\panels\default
%ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\css
%ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\images
%ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\scripts
%ProgramFiles%\blekkotb\chrome\skin\lib\panels\images
%ProgramFiles%\blekkotb\chrome\skin\lib\uwa
%ProgramFiles%\blekkotb\chrome\skin\lib\weatherbutton
%ProgramFiles%\blekkotb\chrome\skin\lib\weatherbutton\icons
%ProgramFiles%\blekkotb\chrome\skin\lib\weatherbutton\panels
%ProgramFiles%\blekkotb\chrome\skin\lib\weatherbutton\panels\images
%ProgramFiles%\blekkotb\chrome\skin\options
%ProgramFiles%\blekkotb\components

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,101,824 bytes

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00f12770-e60e-4dc6-9105-425bface7c73}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\AppDataLow\Software
HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb
HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb\na
HKEY_CURRENT_USER\Software\blekkotb
HKEY_CURRENT_USER\Software\blekkotb\na
HKEY_CURRENT_USER\${MUI_LANGDLL_REGISTRY_KEY}

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}\InprocServer32]

(Default) = "%ProgramFiles%\blekkotb\auxi\blekkoAu.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]

(Default) = "Updater For Spam Free Search Bar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\InprocServer32]

(Default) = "%ProgramFiles%\blekkotb\blekkoDx.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

(Default) = "Spam Free Search Bar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

Tabs = "http://blekko.com/ws/?source=c3348dd4&tbp=tab&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{26c9e18c-3717-4be1-a225-04e4471f5b6e} = "Spam Free Search Bar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00f12770-e60e-4dc6-9105-425bface7c73}]

AppName = "uninstall.exe"
AppPath = "%ProgramFiles%\blekkotb"
Policy = 0x00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]

(Default) = "Updater For Spam Free Search Bar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

(Default) = "Spam Free Search Bar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Anti-phishing Domain Advisor = ""%CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe""

so that visicom_antiphishing.exe runs every time Windows starts

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor]

Publisher = "Visicom Media Inc. (Powered by Panda Security)"
DisplayVersion = "1.0.0.0"
DisplayIcon = "%CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe"
DisplayName = "Anti-phishing Domain Advisor"
InstallLocation = "%CommonAppData%\Anti-phishing Domain Advisor"
UninstallString = "%CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe"
NoModify = 0x00000001
NoRepair = 0x00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb]

Publisher = "Visicom Media Inc."
DisplayVersion = "1.0.0.8"
DisplayIcon = "%ProgramFiles%\blekkotb\install.ico"
DisplayName = "Spam Free Search Bar"
InstallLocation = "%ProgramFiles%\blekkotb"
UninstallString = "%ProgramFiles%\blekkotb\uninstall.exe"
NoModify = 0x00000001
NoRepair = 0x00000001
EstimatedSize = 0x00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]

URL = "http://blekko.com/?source=c3348dd4&tbp=rbox&q={searchTerms}"
DisplayName = "Blekko"
FaviconURLFallback = "http://search.yahoo.com/favicon.ico"
FaviconPath = "%ProgramFiles%\blekkotb\search.ico"
SuggestionsURLFallback = "http://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"
ShowSearchSuggestions = 0x00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

DefaultScope = "{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

blekkotb = "reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f"
blekkotb_XP = "reg.exe delete "HKCU\Software\blekkotb" /f"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb\na]

ne = 0x00000000
ne4 = 0x00000000

[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb]

ve = 0x00000000
lo = 0x00000000

[HKEY_CURRENT_USER\Software\blekkotb\na]

ne = 0x00000000
ne4 = 0x00000000

[HKEY_CURRENT_USER\${MUI_LANGDLL_REGISTRY_KEY}]

${MUI_LANGDLL_REGISTRY_VALUENAME} = "1033"

The following Registry Value was deleted:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

ITBarLayout = 11 00 00 00 36 00 00 00 00 00 00 00 34 00 00 00 1F 00 00 00 56 00 00 00 01 00 00 00 20 07 00 00 A0 0F 00 00 05 00 00 00 62 05 00 00 26 00 00 00 02 00 00 00 21 07 00 00 A0 0F 00 00 04 00 00 00 21 01 00 00 A0 0F 00 00 03 00 00 00 20 03 00 00 00 00 00 0

Other details

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
107.20.139.161	80
178.236.4.25	80
204.0.5.57	80
207.171.163.152	80
207.171.163.24	80
209.18.43.146	80
50.16.225.31	80
64.30.224.89	80
66.115.160.33	80
67.205.74.144	80

The data identified by the following URLs was then requested from the remote web server:

http://os.downloadcdn.com/v2.0.0/?v=2.0&c=1366106496
http://os.downloadcdn.com/Images/Blekko/Toolbar.png
http://os.downloadcdn.com/Images/_Temp/red-btn.png
http://os.downloadcdn.com/Images/Blekko/Logo.png
http://os.downloadcdn.com/Images/DropDownDeals/image.png
http://os.downloadcdn.com/Images/ASPCA/logo.png
http://cdneu.downloadcdn.com.s3-external-3.amazonaws.com/ofr/Blekko_CNET.cis
http://i.i.com.com/cnwk.1d/i/tim//2010/01/16/fmimg453837616889228954.png
http://cdnus.downloadcdn.com/ofr/Blekko_CNET.cis
http://cdneu.downloadcdn.com/ofr/Blekko_CNET.cis
http://software-files-a.cnet.com/s/software//12/13/67/87/djdec312a.zip?token=1326491239_5843972dd11b02442e60e179d2cfc289
http://rp.downloadcdn.com/?pcrc=381287906
http://rp.downloadcdn.com/?pcrc=731374736
http://api.cnet.com/rest/v1.0/softwareProductLink?productSetId=10046809&partTag=dlm
http://geoip.vmn.net/index.php?v=2&tb=blekkotb_1.0.0.8
http://visicom.antiphishingdomain.com/update/blekkotb.xml
http://visicom_antiphising-blekkotb.applicationstat.com/postdata.php

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.