ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 17 June 2012, 15:35:47
Processing time: 13 min 18 sec
Submitted sample:

File MD5: 0x773049D365865FFE8981ADFAA206ECB8
File SHA-1: 0xEED36857A5328A477A28F5747FA72AFE9068CB49
Filesize: 1,021,712 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%AppData%\Babylon\log_file.txt	3,369 bytes	MD5: 0x2C5FA63E33666A4F71D0618D4AF350C5 SHA-1: 0xE29346A88B248DA54915F073584104AEEEB07A6F
2	%DesktopDir%\Continue FLV Player Installation.lnk	911 bytes	MD5: 0x3ED244E19D9DA753F482ED47C3174EF6 SHA-1: 0xC001F8357C9316949ECE8620EFD33980AAA40A04
3	%AppData%\Babylon\Setup\5.10.zpb %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\5.10.zpb	446,785 bytes	MD5: 0x453275F83DD084AE698820259C2269EA SHA-1: 0xD61F1B347CDD4E17F00B91917581857DD9EA4195
4	%AppData%\Babylon\Setup\bab033.tbinst.dat %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\bab033.tbinst.dat %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\bab033.tbinst.dat	236 bytes	MD5: 0x1EE8C638E49EE7137607722768AFC5A2 SHA-1: 0x8719D7A498A49B042CD6FC411CAC6C44F3C0F43A
5	%AppData%\Babylon\Setup\bab091.norecovericon.dat %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\bab091.norecovericon.dat %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\bab091.norecovericon.dat	174 bytes	MD5: 0x4F6E1FDBEF102CDBD379FDAC550B9F48 SHA-1: 0x5DA6EE5B88A4040C80E5269E0CD2B0880B20659C
6	%AppData%\Babylon\Setup\babcrmobj.zpb %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\babcrmobj.zpb	325,229 bytes	MD5: 0x45F0AD559142462F19E8066B96F5FF91 SHA-1: 0x59B74376D6B6E9934C02C10F09747823DF868DB9
7	%AppData%\Babylon\Setup\Babylon.dat %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Babylon.dat %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\Babylon.dat	12,848 bytes	MD5: 0xADBB6A655AE518830BA1AFEFDB84668F SHA-1: 0xA1BE53D99A67FFF011EA035C310588E635C718E1
8	%AppData%\Babylon\Setup\BExternal.dll %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\BExternal.dll	129,536 bytes	MD5: 0x5FB8613B7CF68604BB7A1BF2BBCF048D SHA-1: 0x2688CA41771CC9C5B318C60B8E4DAC94D479B00B
9	%AppData%\Babylon\Setup\HtmlScreens\blueStar.png %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\blueStar.png %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\blueStar.png	15,198 bytes	MD5: 0xA7FCDF142648BAC756FCFE06A31F42E4 SHA-1: 0x4DF99B119C183C821ED1BF0F825536318C9C3353
10	%AppData%\Babylon\Setup\HtmlScreens\eula.html %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\eula.html %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\eula.html	81,185 bytes	MD5: 0x1B73A781F7F5B0D61624BD97050A2ED0 SHA-1: 0x01B848625761D5DEDE115E8599E4C72F126F8A3C
11	%AppData%\Babylon\Setup\HtmlScreens\globe.png %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\globe.png %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\globe.png	34,267 bytes	MD5: 0xCC53FB9E9456EB79479151090CB16CBD SHA-1: 0xE61004BF729757F3F225F77F0236B82518F68662
12	%AppData%\Babylon\Setup\HtmlScreens\options.js %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\options.js %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\options.js	119 bytes	MD5: 0x771F230F8BBC96A03B13976667918F1F SHA-1: 0x0FBA422C76B89CDB5D12E657064C49A9B1B7ABAE
13	%AppData%\Babylon\Setup\HtmlScreens\page0.html %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\page0.html %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\page0.html	1,641 bytes	MD5: 0xCF33120DD42CEE842D96532843BB1961 SHA-1: 0x1DB4F3E0AA1E4036A078A05F48FEFDBB8744E3CF
14	%AppData%\Babylon\Setup\HtmlScreens\page2.css %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\page2.css %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\page2.css	2,927 bytes	MD5: 0x085CF46C4D1C8DEA9EDD79EE37D6D5BD SHA-1: 0x30CB66994C45261A4AAA6D9ECDF1B1890ED09B45
15	%AppData%\Babylon\Setup\HtmlScreens\page2.html %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\page2.html %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\page2.html	3,882 bytes	MD5: 0x12152DED3604E8BAAF82C078F8034D60 SHA-1: 0x0867DEC241A257E3E9AD9E8D20B9E06E3BCE7184
16	%AppData%\Babylon\Setup\HtmlScreens\page2Lrg.css %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\page2Lrg.css %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\page2Lrg.css	2,015 bytes	MD5: 0xDB15B568F9D195635B3FCAB87EF6293F SHA-1: 0x6AE0F374531CB3013857880E8469A103492B8393
17	%AppData%\Babylon\Setup\HtmlScreens\page3.css %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\page3.css %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\page3.css	1,064 bytes	MD5: 0x07784AD77F30FA018949E412B2257AAB SHA-1: 0x8595C222A3741BFA83C5A4D982C845C8038062A6
18	%AppData%\Babylon\Setup\HtmlScreens\page3.html %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\page3.html %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\page3.html	1,800 bytes	MD5: 0xB23C25988099403433EFB7FB64715676 SHA-1: 0xE833527E1C021B311286E6E2D1C2F0530BE0A565
19	%AppData%\Babylon\Setup\HtmlScreens\page3Lrg.css %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\page3Lrg.css %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\page3Lrg.css	977 bytes	MD5: 0xB3520C555C46A7020D8F27BFE81DF0CA SHA-1: 0x59398086ABE3987C2A91EDACB74ECA94BBD63D7D
20	%AppData%\Babylon\Setup\HtmlScreens\pBar.gif %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\pBar.gif %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\pBar.gif	3,208 bytes	MD5: 0x26621CB27BBC94F6BAB3561791AC013B SHA-1: 0x4010A489350CF59FD8F36F8E59B53E724C49CC5B
21	%AppData%\Babylon\Setup\HtmlScreens\progress.png %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\progress.png %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\progress.png	2,864 bytes	MD5: 0xDEE08D8CBCDEB8013ADF28ECF150AAF3 SHA-1: 0xC61CD9B1BD0127244B9D311F493FC514AA5C08D6
22	%AppData%\Babylon\Setup\HtmlScreens\setup.js %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\setup.js %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\setup.js	13,997 bytes	MD5: 0xA95607CE49FA0AF8ED7A3F5667C3EB31 SHA-1: 0x5E4B5A30E56C42329AFDF216625BF35BE69A82AA
23	%AppData%\Babylon\Setup\HtmlScreens\title.png %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\title.png %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\title.png	26,111 bytes	MD5: 0x12EF76069CC40B8AD478D9091915DED6 SHA-1: 0xFABAD560B6E6839F9E5AE1268695D11CA35F9D74
24	%AppData%\Babylon\Setup\HtmlScreens\toolBar.jpg %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens\toolBar.jpg %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens\toolBar.jpg	19,693 bytes	MD5: 0x56DC3CB42B46309E642C15167003685D SHA-1: 0x045749DE2C1492E5DFC4C44F9EB6C0FEEFE06B3D
25	%AppData%\Babylon\Setup\IECookieLow.dll %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\IECookieLow.dll %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\IECookieLow.dll	5,120 bytes	MD5: 0xA7A1EFBBF7A8968223D7E49B60625E30 SHA-1: 0x1B2801DD02E9D9B7F27789ED161BC1761943E921
26	%AppData%\Babylon\Setup\Setup-tbmntr903.zpb %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\Setup-tbmntr903.zpb	1,149,080 bytes	MD5: 0x8182E482CE818DD9AB659C5ED2202093 SHA-1: 0x28B82CE08239F0348AE236111821660413657DCD
27	%AppData%\Babylon\Setup\Setup.exe %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Setup.exe	1,769,072 bytes	MD5: 0x3EFF4D0A2DDE24E5AFE250BA50887F2C SHA-1: 0x9ADB9EA752959E6945D58068CBC55FA04662D8AF
28	%AppData%\Babylon\Setup\SetupStrings.dat %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\SetupStrings.dat %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\SetupStrings.dat	65,528 bytes	MD5: 0x07BB1523DC51EC1FD5913B0A70AB98EE SHA-1: 0x216F853CB251F32F5C91345404EFD48F041AD5BD
29	%AppData%\Babylon\Setup\sqlite3.dll %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\sqlite3.dll %Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\sqlite3.dll	520,234 bytes	MD5: 0x0F66E8E2340569FB17E774DAC2010E31 SHA-1: 0x406BB6854E7384FF77C0B847BF2F24F3315874A3
30	%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\BabylonObjectInstaller.bao	346,624 bytes	MD5: 0x3F13781D8AF0D9B0495FE4301F71F99A SHA-1: 0x99B7227A5AA4CBE43507266FC2309D52398175A2
31	%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\BabylonObjectInstaller.inf	48 bytes	MD5: 0x2B6C8B4FE00F6B220184812D426BC166 SHA-1: 0xE2819547310F0BFDC4F33D1D30A8BC4A6CA533A5
32	%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\BabylonTB.xpi	48,639 bytes	MD5: 0x9C755237A70E9AE8047EA9D2A08D5B9B SHA-1: 0xF546F04DEC498C96CBBADF2AE0394F3237035BB9
33	%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\BExternal.dll	131,072 bytes	MD5: 0x70FADA5E7784D10D0AF7B1BBC2A293A3 SHA-1: 0x33F8E7E2EA96C286ACFA8624EF28608160A390AC
34	%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\MyBabylonTB.exe	1,362,728 bytes	MD5: 0xFBB423C97065AF571AA6FE515B751958 SHA-1: 0x40969E053E001937C71D74EA719F78BF9A5FEF2A
35	%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\Setup.exe	1,818,776 bytes	MD5: 0x0A5C0C819AEB95A648B4B25F332CA39A SHA-1: 0x2F7F92F0EEB0C8353BACB26BC12FED71822DE7E9
36	%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\TBConfig.inf	23 bytes	MD5: 0xE6D6DBE1E36A9CCC040369AB905E0D4A SHA-1: 0xF7B40129E12F9F8EC3DAE49D281EA1B8171642C5
37	%Temp%\ICReinstall_[filename of the sample #1] [file and pathname of the sample #1]	1,021,712 bytes	MD5: 0x773049D365865FFE8981ADFAA206ECB8 SHA-1: 0xEED36857A5328A477A28F5747FA72AFE9068CB49
38	%Temp%\is1590112554\109165_Setup.CIS	530,977 bytes	MD5: 0x2F9258ACB673E4C1A00EB3BEB4C8650D SHA-1: 0x3D4A73D29AD11B0A303DA5F67FEA4E5C7B8B32EC
39	%Temp%\is1590112554\109188_Setup.CIS	857,677 bytes	MD5: 0x102EC2F035358995957BC669FF0B03E1 SHA-1: 0x8E7D3F5B5D71BA5DB11AE483D97878A8479B2C6E
40	%Temp%\is1590112554\415908638.cfg	238 bytes	MD5: 0x5AF2D8382C6738196B197EA8654CE6F2 SHA-1: 0xD327E57672082E645C6204EBB5D23FA7843596DD
41	%Temp%\is1590112554\516161446.cfg	238 bytes	MD5: 0x134271CC67D16F258190859C82F3987B SHA-1: 0xEB27B85F7847FA72E1511632A8BB437BFF9543CC
42	%Temp%\is1590112554\822155676.cfg	238 bytes	MD5: 0xC1BAB64C3EEE7875D05995A23A641DD0 SHA-1: 0x108748432FFF155122086FFCC142DFDD5CC346BE
43	%Temp%\is1590112554\923313444.cfg	238 bytes	MD5: 0x4A17E7BA6E12DC8F8AF4E79BF2E436E6 SHA-1: 0x92530DA6D3D77976FF2B1387C5C5DBD60F571BF8
44	%Temp%\is1590112554\MyBabylonTB.exe	862,832 bytes	MD5: 0xD4FE9619462D7613A6750256C94F4589 SHA-1: 0xEB6AA6E142A33CEE2C2B47C3C201BDF6B28FA846
45	%Temp%\ish107593\blank.gif	49 bytes	MD5: 0x56398E76BE6355AD5999B262208A17C9 SHA-1: 0xA1FDEE122B95748D81CEE426D717C05B5174FE96
46	%Temp%\ish107593\css\buttons.css	1,153 bytes	MD5: 0xA84FEE16240DE0D25F1B3EC8DF25A11C SHA-1: 0xFF395834BB8FF730B31C1DAEFC8FF197CE280AD0
47	%Temp%\ish107593\css\ie6_main.css	1,129 bytes	MD5: 0x69B3F7194795871E6EAC286439118DDD SHA-1: 0xE7488B4B7363B011AA82ABBCE84F914E3329750A
48	%Temp%\ish107593\css\main.css	4,346 bytes	MD5: 0xAFF1B740C3A48C23E529E439A46F445A SHA-1: 0xDF7A706D577E51BD54D115620CA5497EB77EDC2E
49	%Temp%\ish107593\css\sdk-ui\browse.css	318 bytes	MD5: 0x10C359BC980927BB66B215407ECE3E66 SHA-1: 0x4A2FC034BF7B4E84D832B6BBD9413D2055B9EC62
50	%Temp%\ish107593\css\sdk-ui\button.css	417 bytes	MD5: 0x37E1FF96E084EC201F0D95FEEF4D5E94 SHA-1: 0x4EC405F2668D5D93260525AD916ABAFA2414CB72
51	%Temp%\ish107593\css\sdk-ui\checkbox.css	190 bytes	MD5: 0x64773C6B0E3413C81AEBC46CCE8C9318 SHA-1: 0x50F84EF8331341B48981AF82313B146863EBA526
52	%Temp%\ish107593\css\sdk-ui\images\button-bg.png	131 bytes	MD5: 0x98B1DE48DFA64DC2AA1E52FACFBEE3B0 SHA-1: 0xA1615C118FBFA49253D98185EAE283F26EA392D7
53	%Temp%\ish107593\css\sdk-ui\images\progress-bg.png	2,845 bytes	MD5: 0x32A6846FE53388EB03BE3ADA2221297F SHA-1: 0x1C1BAEC7B7FE7A420CCF68D3112384B44F8BA89E
54	%Temp%\ish107593\css\sdk-ui\progress-bar.css	632 bytes	MD5: 0x8F6A2E09ACE79158461B82D74FF6C7FD SHA-1: 0x88F079FD001FEB2CB302565B87FDB81C8995DD93
55	%Temp%\ish107593\images\Bg.gif	20,535 bytes	MD5: 0x94D82A50272A4423DCA66AE32E0602CA SHA-1: 0x18A1300C684442BFFB41DCBA54D30C72888F48EC
56	%Temp%\ish107593\images\close_button.png	1,341 bytes	MD5: 0x83487401DAF307D6C726A479DE1EE6F9 SHA-1: 0xC173BE4937A63672570078B325864C76B28040B8
57	%Temp%\ish107593\images\finish-button.png	2,311 bytes	MD5: 0xE37EC66B72996FC3AD929CD068570D4D SHA-1: 0xE21BE5EA412B4DC02B7D3A61AB3A798946224CAE
58	%Temp%\ish107593\images\icon.png	3,999 bytes	MD5: 0xB460D82EAB7AF8BA6E338E351DD0ECDC SHA-1: 0x265B9A3F3C80F40F8534DDCFBF9C1ED61E3B1B20
59	%Temp%\ish107593\images\loader.gif	6,292 bytes	MD5: 0x85954EA60A946E9C41E33260CEE2BBC4 SHA-1: 0xA2B8147953636DE537C66AFB06105A3889A55915
60	%Temp%\ish107593\images\next-button-over.png	2,378 bytes	MD5: 0x23802443DCDD0CB5DCC00F1D3BD9CFE6 SHA-1: 0x513234AEC8111706E7031090BD85F26E524821D8
61	%Temp%\ish107593\images\next-button.png	2,430 bytes	MD5: 0x274548CB843BB96FCB50A79A2340B22D SHA-1: 0xBB5253C868861FF10FD48DCCE1309D847F087E80
62	%Temp%\ish107593\images\progress-bg.png	176 bytes	MD5: 0x192B249D9413082D676F85D1509FE258 SHA-1: 0x4130BA10D3BB2267F19FA07DC0672E6BA23A8C4E
63	%Temp%\ish107593\images\Progress.png	333 bytes	MD5: 0x2306755853711F1CB2F97CFC90440FB8 SHA-1: 0x57D2E50C9F6345D6A81B2D766D31D92ED741F822
64	%Temp%\ish107593\images\ProgressBar.png	266 bytes	MD5: 0x0E0AEAD9873F985325C78C564830B2DA SHA-1: 0x339D70C35D53F322908BE28DD80002379B739921
65	%Temp%\ish107593\license\DE.license.txt	22,437 bytes	MD5: 0x94C7BDCA5F950C087EBF2DCBA0550AC4 SHA-1: 0x504F74335AEECC9DB7984CA1CFA1B694B0A1CE24
66	%Temp%\ish107593\license\EN.license.txt	18,507 bytes	MD5: 0x75A5340D5A321F4F889E7891336A3478 SHA-1: 0x546E8DB4ECBBA7A701D36A3B1B263C9D9B60D384
67	%Temp%\ish107593\locale\EN.locale	2,372 bytes	MD5: 0x4C8238A01DB1AC103D3E876AB77C02EA SHA-1: 0xC4108CB3C4154C28511C71329CC97202024CE962

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%CommonAppData%\Babylon
%AppData%\Babylon
%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535
%AppData%\Babylon\Setup
%AppData%\Babylon\Setup\HtmlScreens
%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\HtmlScreens
%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest
%Temp%\2A12BDD6-BAB0-7891-A4D7-F887F272F535\Latest\HtmlScreens
%Temp%\is1590112554
%Temp%\ish107593
%Temp%\ish107593\css
%Temp%\ish107593\css\sdk-ui
%Temp%\ish107593\css\sdk-ui\images
%Temp%\ish107593\images
%Temp%\ish107593\license
%Temp%\ish107593\locale

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,056,768 bytes
Setup.exe	%Temp%\2a12bdd6-bab0-7891-a4d7-f887f272f535\setup.exe	1,802,240 bytes

Other details

The following ports were open in the system:

Port	Protocol	Process
1056	TCP	[file and pathname of the sample #1]
1059	TCP	[file and pathname of the sample #1]
1060	TCP	[file and pathname of the sample #1]

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
146.185.27.53	80
174.127.102.61	80
23.21.76.148	80

The data identified by the following URLs was then requested from the remote web server:

http://cdneu.flvplayerpro.net/app/Cmp/FLVPlayer-v2.cis
http://cdneu.flvplayerpro.net/ofr/BabylonToolbarV7.cis
http://cdnus.flvplayerpro.net/ofr/BabylonToolbarV7.cis
http://cdnus.flvplayerpro.net/app/Cmp/FLVPlayer-v2.cis
http://os.flvplayerpro.net/v1.0.1/?v=2.0&c=1552149909

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.