ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 20 June 2012, 08:42:16
Processing time: 13 min 19 sec
Submitted sample:

File MD5: 0x97CFEC7D97F836694EAA57C480810047
File SHA-1: 0xAE8D20FACD59EBC67AD817FABF8DD1B13821CB15
Filesize: 552,064 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%AppData%\Babylon\log_file.txt	3,367 bytes	MD5: 0x96087313368B16FDA3FA1772A5282CB9 SHA-1: 0xB8C0D36C7730966469572032E23F41A64B99394B
2	%DesktopDir%\Continue Mighty Magoo Activation.lnk	911 bytes	MD5: 0x1D5BF69B053DCEE1840D49A17B9276D1 SHA-1: 0xCC1FA7714C586D891FB6BB8618DF1C0CFBECB8D8
3	%AppData%\Babylon\Setup\5.10.zpb %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\5.10.zpb	446,785 bytes	MD5: 0x453275F83DD084AE698820259C2269EA SHA-1: 0xD61F1B347CDD4E17F00B91917581857DD9EA4195
4	%AppData%\Babylon\Setup\bab033.tbinst.dat %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\bab033.tbinst.dat %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\bab033.tbinst.dat	236 bytes	MD5: 0x1EE8C638E49EE7137607722768AFC5A2 SHA-1: 0x8719D7A498A49B042CD6FC411CAC6C44F3C0F43A
5	%AppData%\Babylon\Setup\bab091.norecovericon.dat %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\bab091.norecovericon.dat %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\bab091.norecovericon.dat	174 bytes	MD5: 0x4F6E1FDBEF102CDBD379FDAC550B9F48 SHA-1: 0x5DA6EE5B88A4040C80E5269E0CD2B0880B20659C
6	%AppData%\Babylon\Setup\babcrmobj.zpb %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\babcrmobj.zpb	325,229 bytes	MD5: 0x45F0AD559142462F19E8066B96F5FF91 SHA-1: 0x59B74376D6B6E9934C02C10F09747823DF868DB9
7	%AppData%\Babylon\Setup\Babylon.dat %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Babylon.dat %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\Babylon.dat	12,848 bytes	MD5: 0xADBB6A655AE518830BA1AFEFDB84668F SHA-1: 0xA1BE53D99A67FFF011EA035C310588E635C718E1
8	%AppData%\Babylon\Setup\BExternal.dll %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\BExternal.dll	129,536 bytes	MD5: 0x5FB8613B7CF68604BB7A1BF2BBCF048D SHA-1: 0x2688CA41771CC9C5B318C60B8E4DAC94D479B00B
9	%AppData%\Babylon\Setup\HtmlScreens\blueStar.png %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\blueStar.png %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\blueStar.png	15,198 bytes	MD5: 0xA7FCDF142648BAC756FCFE06A31F42E4 SHA-1: 0x4DF99B119C183C821ED1BF0F825536318C9C3353
10	%AppData%\Babylon\Setup\HtmlScreens\eula.html %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\eula.html %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\eula.html	81,185 bytes	MD5: 0x1B73A781F7F5B0D61624BD97050A2ED0 SHA-1: 0x01B848625761D5DEDE115E8599E4C72F126F8A3C
11	%AppData%\Babylon\Setup\HtmlScreens\globe.png %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\globe.png %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\globe.png	34,267 bytes	MD5: 0xCC53FB9E9456EB79479151090CB16CBD SHA-1: 0xE61004BF729757F3F225F77F0236B82518F68662
12	%AppData%\Babylon\Setup\HtmlScreens\options.js %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\options.js %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\options.js	119 bytes	MD5: 0x771F230F8BBC96A03B13976667918F1F SHA-1: 0x0FBA422C76B89CDB5D12E657064C49A9B1B7ABAE
13	%AppData%\Babylon\Setup\HtmlScreens\page0.html %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\page0.html %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\page0.html	1,641 bytes	MD5: 0xCF33120DD42CEE842D96532843BB1961 SHA-1: 0x1DB4F3E0AA1E4036A078A05F48FEFDBB8744E3CF
14	%AppData%\Babylon\Setup\HtmlScreens\page2.css %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\page2.css %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\page2.css	2,927 bytes	MD5: 0x085CF46C4D1C8DEA9EDD79EE37D6D5BD SHA-1: 0x30CB66994C45261A4AAA6D9ECDF1B1890ED09B45
15	%AppData%\Babylon\Setup\HtmlScreens\page2.html %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\page2.html %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\page2.html	3,882 bytes	MD5: 0x12152DED3604E8BAAF82C078F8034D60 SHA-1: 0x0867DEC241A257E3E9AD9E8D20B9E06E3BCE7184
16	%AppData%\Babylon\Setup\HtmlScreens\page2Lrg.css %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\page2Lrg.css %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\page2Lrg.css	2,015 bytes	MD5: 0xDB15B568F9D195635B3FCAB87EF6293F SHA-1: 0x6AE0F374531CB3013857880E8469A103492B8393
17	%AppData%\Babylon\Setup\HtmlScreens\page3.css %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\page3.css %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\page3.css	1,064 bytes	MD5: 0x07784AD77F30FA018949E412B2257AAB SHA-1: 0x8595C222A3741BFA83C5A4D982C845C8038062A6
18	%AppData%\Babylon\Setup\HtmlScreens\page3.html %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\page3.html %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\page3.html	1,800 bytes	MD5: 0xB23C25988099403433EFB7FB64715676 SHA-1: 0xE833527E1C021B311286E6E2D1C2F0530BE0A565
19	%AppData%\Babylon\Setup\HtmlScreens\page3Lrg.css %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\page3Lrg.css %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\page3Lrg.css	977 bytes	MD5: 0xB3520C555C46A7020D8F27BFE81DF0CA SHA-1: 0x59398086ABE3987C2A91EDACB74ECA94BBD63D7D
20	%AppData%\Babylon\Setup\HtmlScreens\pBar.gif %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\pBar.gif %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\pBar.gif	3,208 bytes	MD5: 0x26621CB27BBC94F6BAB3561791AC013B SHA-1: 0x4010A489350CF59FD8F36F8E59B53E724C49CC5B
21	%AppData%\Babylon\Setup\HtmlScreens\progress.png %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\progress.png %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\progress.png	2,864 bytes	MD5: 0xDEE08D8CBCDEB8013ADF28ECF150AAF3 SHA-1: 0xC61CD9B1BD0127244B9D311F493FC514AA5C08D6
22	%AppData%\Babylon\Setup\HtmlScreens\setup.js %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\setup.js %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\setup.js	13,997 bytes	MD5: 0xA95607CE49FA0AF8ED7A3F5667C3EB31 SHA-1: 0x5E4B5A30E56C42329AFDF216625BF35BE69A82AA
23	%AppData%\Babylon\Setup\HtmlScreens\title.png %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\title.png %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\title.png	26,111 bytes	MD5: 0x12EF76069CC40B8AD478D9091915DED6 SHA-1: 0xFABAD560B6E6839F9E5AE1268695D11CA35F9D74
24	%AppData%\Babylon\Setup\HtmlScreens\toolBar.jpg %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens\toolBar.jpg %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens\toolBar.jpg	19,693 bytes	MD5: 0x56DC3CB42B46309E642C15167003685D SHA-1: 0x045749DE2C1492E5DFC4C44F9EB6C0FEEFE06B3D
25	%AppData%\Babylon\Setup\IECookieLow.dll %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\IECookieLow.dll %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\IECookieLow.dll	5,120 bytes	MD5: 0xA7A1EFBBF7A8968223D7E49B60625E30 SHA-1: 0x1B2801DD02E9D9B7F27789ED161BC1761943E921
26	%AppData%\Babylon\Setup\Setup-tbmntr903.zpb %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\Setup-tbmntr903.zpb	1,149,080 bytes	MD5: 0x8182E482CE818DD9AB659C5ED2202093 SHA-1: 0x28B82CE08239F0348AE236111821660413657DCD
27	%AppData%\Babylon\Setup\Setup.exe %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Setup.exe	1,769,072 bytes	MD5: 0x3EFF4D0A2DDE24E5AFE250BA50887F2C SHA-1: 0x9ADB9EA752959E6945D58068CBC55FA04662D8AF
28	%AppData%\Babylon\Setup\SetupStrings.dat %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\SetupStrings.dat %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\SetupStrings.dat	65,528 bytes	MD5: 0x07BB1523DC51EC1FD5913B0A70AB98EE SHA-1: 0x216F853CB251F32F5C91345404EFD48F041AD5BD
29	%AppData%\Babylon\Setup\sqlite3.dll %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\sqlite3.dll %Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\sqlite3.dll	520,234 bytes	MD5: 0x0F66E8E2340569FB17E774DAC2010E31 SHA-1: 0x406BB6854E7384FF77C0B847BF2F24F3315874A3
30	%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\BabylonObjectInstaller.bao	346,624 bytes	MD5: 0x3F13781D8AF0D9B0495FE4301F71F99A SHA-1: 0x99B7227A5AA4CBE43507266FC2309D52398175A2
31	%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\BabylonObjectInstaller.inf	48 bytes	MD5: 0x2B6C8B4FE00F6B220184812D426BC166 SHA-1: 0xE2819547310F0BFDC4F33D1D30A8BC4A6CA533A5
32	%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\BabylonTB.xpi	48,639 bytes	MD5: 0x9C755237A70E9AE8047EA9D2A08D5B9B SHA-1: 0xF546F04DEC498C96CBBADF2AE0394F3237035BB9
33	%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\BExternal.dll	131,072 bytes	MD5: 0x70FADA5E7784D10D0AF7B1BBC2A293A3 SHA-1: 0x33F8E7E2EA96C286ACFA8624EF28608160A390AC
34	%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\MyBabylonTB.exe	1,362,728 bytes	MD5: 0xFBB423C97065AF571AA6FE515B751958 SHA-1: 0x40969E053E001937C71D74EA719F78BF9A5FEF2A
35	%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\Setup.exe	1,818,776 bytes	MD5: 0x0A5C0C819AEB95A648B4B25F332CA39A SHA-1: 0x2F7F92F0EEB0C8353BACB26BC12FED71822DE7E9
36	%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\TBConfig.inf	23 bytes	MD5: 0xE6D6DBE1E36A9CCC040369AB905E0D4A SHA-1: 0xF7B40129E12F9F8EC3DAE49D281EA1B8171642C5
37	%Temp%\ICReinstall_[filename of the sample #1] [file and pathname of the sample #1]	552,064 bytes	MD5: 0x97CFEC7D97F836694EAA57C480810047 SHA-1: 0xAE8D20FACD59EBC67AD817FABF8DD1B13821CB15
38	%Temp%\is135653842\108981_Setup.CIS	857,677 bytes	MD5: 0x102EC2F035358995957BC669FF0B03E1 SHA-1: 0x8E7D3F5B5D71BA5DB11AE483D97878A8479B2C6E
39	%Temp%\is135653842\1982203364.cfg	230 bytes	MD5: 0x96AC4460CF925A02C9111E125B49A5ED SHA-1: 0x342AD318A0A51371EAB1D2949D7C8F0A649FF95B
40	%Temp%\is135653842\2041470188.cfg	230 bytes	MD5: 0x60A83A0D7B8E352C360D0163341C33C6 SHA-1: 0xE5F67926DC1C5580527A24C5F4896B84F397B87B
41	%Temp%\is135653842\MyBabylonTB.exe	862,832 bytes	MD5: 0xD4FE9619462D7613A6750256C94F4589 SHA-1: 0xEB6AA6E142A33CEE2C2B47C3C201BDF6B28FA846
42	%Temp%\ish104843\css\ie6_main.css	920 bytes	MD5: 0x94B29BB4559B10F46B6ABE3137D23847 SHA-1: 0x0203BB7EB39ADB1EC29276C5CA7151FBA6749B79
43	%Temp%\ish104843\css\main.css	4,086 bytes	MD5: 0x2F7DEE4FB13F88B95187133BFC182507 SHA-1: 0x990051B4F6ED8BA68B77D661D52C1A7A917071AD
44	%Temp%\ish104843\css\sdk-ui\browse.css	337 bytes	MD5: 0x6009D6E864F60AEA980A9DF94C1F7E1C SHA-1: 0x233D056E36C35E752E8F7A4F5492E012AC7F5D58
45	%Temp%\ish104843\css\sdk-ui\button.css	417 bytes	MD5: 0x37E1FF96E084EC201F0D95FEEF4D5E94 SHA-1: 0x4EC405F2668D5D93260525AD916ABAFA2414CB72
46	%Temp%\ish104843\css\sdk-ui\checkbox.css	190 bytes	MD5: 0x64773C6B0E3413C81AEBC46CCE8C9318 SHA-1: 0x50F84EF8331341B48981AF82313B146863EBA526
47	%Temp%\ish104843\css\sdk-ui\images\button-bg.png	131 bytes	MD5: 0x98B1DE48DFA64DC2AA1E52FACFBEE3B0 SHA-1: 0xA1615C118FBFA49253D98185EAE283F26EA392D7
48	%Temp%\ish104843\css\sdk-ui\images\progress-bg-corner.png	1,636 bytes	MD5: 0x608F1F20CD6CA9936EAA7E8C14F366BE SHA-1: 0x3BF74D0AC61083E97CF3EBD07D86A8F4FED1885B
49	%Temp%\ish104843\css\sdk-ui\images\progress-bg.png	1,105 bytes	MD5: 0xE9F12F92A9EEB8EBE911080721446687 SHA-1: 0x1FB34409373B6CE2ABEE20D60947F1357F30E248
50	%Temp%\ish104843\css\sdk-ui\images\progress-bg2.png	978 bytes	MD5: 0xB582D9A67BFE77D523BA825FD0B9DAE3 SHA-1: 0x347F69357E225AB59D41A8DAFE0732663A7E8C7E
51	%Temp%\ish104843\css\sdk-ui\progress-bar.css	506 bytes	MD5: 0x5335F1C12201B5F7CF5F8B4F5692E3D1 SHA-1: 0x13807A10369F7FF9AB3F9ABA18135BCCB98BEC2D
52	%Temp%\ish104843\csshover3.htc	2,893 bytes	MD5: 0x52FA0DA50BF4B27EE625C80D36C67941 SHA-1: 0x0B2769433E73E3C6C677A5C7294A9A2F45CB8A64
53	%Temp%\ish104843\defaultOffer\images\toolbar.png	3,911 bytes	MD5: 0x8BBEBF07EF6C78DEAB8F91850100A816 SHA-1: 0x47B3978DFFEB1FAC84F6E7BEE3DFA249C0C31E2F
54	%Temp%\ish104843\defaultOffer\offer_code.txt	1,856 bytes	MD5: 0x7B4144DBDE53AFEC68826F47E6C4E015 SHA-1: 0xBBA9D0A256A562E83B11E28928700C18984FDC8A
55	%Temp%\ish104843\defaultOffer\offer_html.txt	2,066 bytes	MD5: 0x9D368AF1F18A29818E33465B66C3EFD1 SHA-1: 0xB634A9B87B33E46F1D4D0575076B8B9A8D8F18F4
56	%Temp%\ish104843\images\BG.png	17,356 bytes	MD5: 0x612A87DD7DA6EAEC11E680A5A6FDCF6E SHA-1: 0x55270A0973A98AC13C805A7EC4F018C13348F4CA
57	%Temp%\ish104843\images\Close.png	925 bytes	MD5: 0x249E564A2AC708877C7FBE9A73ED6B19 SHA-1: 0x65B20A84F59D70B63BB3198B394FD9577741A317
58	%Temp%\ish104843\images\Close_Hover.png	570 bytes	MD5: 0xE8EF8B8BA5A86E4012E1DD61ABCF1446 SHA-1: 0x9539E76E04632B41F58BE1410EE3CC21829B04A9
59	%Temp%\ish104843\images\Color_Button.png	1,152 bytes	MD5: 0x233E3ECAF8B6F0A9F82CA79CCD1788A1 SHA-1: 0x69775C8479F3EC49F8C3817305320A208349938B
60	%Temp%\ish104843\images\Color_Button_Hover.png	1,176 bytes	MD5: 0x9775ECCCBE3A96A4A6FF159C12C5C75A SHA-1: 0x8BED440FF463015C05BF36AE6DAAAF452E0BD392
61	%Temp%\ish104843\images\Games_Pics.jpg	12,780 bytes	MD5: 0x3D508E41C8E160E70B4F2E1A9A66B1BC SHA-1: 0x900E64092E3849CF54BF61957E78D4D78FAF612F
62	%Temp%\ish104843\images\Gray_Button.png	1,150 bytes	MD5: 0x35800B05C4334C3A5CDDF4260AC9D4B9 SHA-1: 0x54AFFC5D79378B688B64171C03434ABE83B5C6C6
63	%Temp%\ish104843\images\Gray_Button_Hover.png	1,218 bytes	MD5: 0x740657C54D80379FC548E0DAABFD7E2A SHA-1: 0x45523AEA7AF7E098ED898031DB8E7E1B1546FB33
64	%Temp%\ish104843\images\loader.gif	22,379 bytes	MD5: 0x360281E85620142C3329848262DA263D SHA-1: 0x032AE1E422AF859D78D172E918573FB0F55318DE
65	%Temp%\ish104843\images\Progress.png	1,295 bytes	MD5: 0x6E729D132F975194C6D3975CAD7D5EE4 SHA-1: 0xCA7D67A9B6A06D7AC20099EECEC71C23EF85ABD8
66	%Temp%\ish104843\images\ProgressBar.png	477 bytes	MD5: 0x830234F26FCE01833C8F74F1829D7717 SHA-1: 0x38207D8CBF96B4E1A7D6182B7DA4B25C31E538DC
67	%Temp%\ish104843\locale\EN.locale	1,149 bytes	MD5: 0xDFC2E6F8E3FB42E67EF02F7DC6E266A0 SHA-1: 0x61FE01B53FCF953B87DA5BDF14614763C1D83C01

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%CommonAppData%\Babylon
%AppData%\Babylon
%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5
%AppData%\Babylon\Setup
%AppData%\Babylon\Setup\HtmlScreens
%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\HtmlScreens
%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest
%Temp%\E39CE5E7-BAB0-7891-9F39-62C5C761C5D5\Latest\HtmlScreens
%Temp%\is135653842
%Temp%\ish104843
%Temp%\ish104843\css
%Temp%\ish104843\css\sdk-ui
%Temp%\ish104843\css\sdk-ui\images
%Temp%\ish104843\defaultOffer
%Temp%\ish104843\defaultOffer\images
%Temp%\ish104843\images
%Temp%\ish104843\locale

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,146,880 bytes
Setup.exe	%Temp%\e39ce5e7-bab0-7891-9f39-62c5c761c5d5\setup.exe	1,802,240 bytes

Other details

The following ports were open in the system:

Port	Protocol	Process
1050	TCP	[file and pathname of the sample #1]
1052	TCP	[file and pathname of the sample #1]
1053	TCP	[file and pathname of the sample #1]
1054	TCP	[file and pathname of the sample #1]

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
146.185.27.45	80
50.19.237.118	80
69.4.239.197	80

The data identified by the following URLs was then requested from the remote web server:

http://cdneu.kitaracdn.com/ofr/BabylonToolbarV7.cis
http://os.kitaracdn.com/v1.0.1/?v=2.0&c=99663441
http://cdnus.kitaracdn.com/ofr/BabylonToolbarV7.cis

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.