Jane2ch - コピー.exe
This report is generated from a file or URL submitted to this webservice on October 12th 2017 01:00:24 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v7.00 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
- Reads terminal service related keys (often RDP related)
- Persistence
- Writes data to a remote process
- Fingerprint
-
Reads the active computer name
Reads the cryptographic machine GUID
Reads the windows installation date - Network Behavior
- Contacts 3 domains and 3 hosts. View all details
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
-
Malicious Indicators 4
-
Environment Awareness
-
The input sample contains a known anti-VM trick
- details
- Found VM detection artifact "CPUID trick" in "b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe.bin" (Offset: 2676166)
- source
- Binary File
- relevance
- 5/10
-
The input sample contains a known anti-VM trick
-
Installation/Persistance
-
Writes data to a remote process
- details
-
"<Input Sample>" wrote 32 bytes to a remote process "%PROGRAMFILES%\Internet Explorer\iexplore.exe" (Handle: 1616)
"<Input Sample>" wrote 52 bytes to a remote process "%PROGRAMFILES%\Internet Explorer\iexplore.exe" (Handle: 1616)
"<Input Sample>" wrote 4 bytes to a remote process "%PROGRAMFILES%\Internet Explorer\iexplore.exe" (Handle: 1616) - source
- API Call
- relevance
- 6/10
-
Writes data to a remote process
-
Network Related
-
Found more than one unique User-Agent
- details
-
Found the following User-Agents: Monazilla/1.00 (JaneStyle/3.83)
JaneStyle/3.83 - source
- Network Traffic
- relevance
- 5/10
-
Malicious artifacts seen in the context of a contacted host
- details
-
Found malicious artifacts related to "219.94.155.244" (ASN: , Owner: ): ...
URL: http://tapcreate.jp/ (AV positives: 1/64 scanned on 02/15/2017 04:23:39)
URL: http://aiboku.com/joubashop/shopaccess.html (AV positives: 1/68 scanned on 08/10/2016 04:19:41)
URL: http://shonannoen.com/pdf_files/1445190467.pdf (AV positives: 4/66 scanned on 01/15/2016 19:12:19)
URL: http://rakuichido.sakura.ne.jp/ (AV positives: 1/66 scanned on 11/30/2015 12:37:43)
File SHA256: 146835580a21f4775aa63082055235bd02c0a8d7d4c1d88bfa9bae16c67dd1d4 (Scanned on 04/02/2017 17:49:54)
File SHA256: c84c86223e7d96b9e261080a39026634e059454a630177bf06a05d16d5737c4e (AV positives: 15/57 scanned on 01/15/2016 19:12:22)
File SHA256: ba654cb65f8e3623b910713094e77ec564bb21d8b0a9c5961400b71962ae3465 (AV positives: 1/55 scanned on 12/07/2015 13:11:24)
File SHA256: bff90608318906bda8f556a9692e3690b7aa8d5d2d1be9551a1a77c5eee9bbc0 (AV positives: 3/57 scanned on 04/24/2015 03:54:58)
File SHA256: e280acd6f6e98aa55d5d6faaf9b9bec5cc45306a45760dae8659c48f2a048c84 (AV positives: 7/56 scanned on 12/01/2014 03:58:02)
File SHA256: 3da8c60562d50339aaa2ce5e637e28cd85a4c2aa5b3310c1db9b0c3661638594 (AV positives: 6/55 scanned on 11/23/2014 13:16:22) - source
- Network Traffic
- relevance
- 10/10
-
Found more than one unique User-Agent
-
Suspicious Indicators 20
-
Anti-Detection/Stealthyness
-
Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
- details
-
"<Input Sample>" (Access type: "QUERYVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "DISABLECACHINGOFSSLPAGES"; Value: "00000000040000000400000000000000")
"iexplore.exe" (Access type: "QUERYVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "DISABLECACHINGOFSSLPAGES"; Value: "00000000040000000400000000000000") - source
- Registry Access
- relevance
- 3/10
-
Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
-
Environment Awareness
-
Reads the cryptographic machine GUID
- details
-
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
"iexplore.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID") - source
- Registry Access
- relevance
- 10/10
-
Reads the windows installation date
- details
- "iexplore.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION"; Key: "INSTALLDATE")
- source
- Registry Access
- relevance
- 10/10
-
Reads the cryptographic machine GUID
-
General
-
Opened the service control manager
- details
- "iexplore.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
- source
- API Call
- relevance
- 10/10
-
Requested access to a system service
- details
-
"<Input Sample>" called "OpenService" to access the "ServicesActive" service requesting "SERVICE_QUERY_STATUS" (0X4) access rights
"<Input Sample>" called "OpenService" to access the "gpsvc" service
"iexplore.exe" called "OpenService" to access the "Sens" service requesting "SERVICE_QUERY_STATUS" (0X4) access rights
"iexplore.exe" called "OpenService" to access the "rasman" service
"iexplore.exe" called "OpenService" to access the "RASMAN" service
"iexplore.exe" called "OpenService" to access the "ServicesActive" service requesting "SERVICE_QUERY_CONFIG" (0X1) access rights
"iexplore.exe" called "OpenService" to access the "WSearch" service - source
- API Call
- relevance
- 10/10
-
Sent a control code to a service
- details
-
"<Input Sample>" called "ControlService" and sent control code "0X24" to the service "gpsvc"
"<Input Sample>" called "ControlService" and sent control code "0XFC" to the service "gpsvc"
"iexplore.exe" called "ControlService" and sent control code "0X24" to the service "WSearch"
"iexplore.exe" called "ControlService" and sent control code "0XDC" to the service "WSearch" - source
- API Call
- relevance
- 10/10
-
Opened the service control manager
-
Installation/Persistance
-
Creates new processes
- details
- "<Input Sample>" is creating a new process (Name: "%PROGRAMFILES%\Internet Explorer\iexplore.exe", Handle: 1616)
- source
- API Call
- relevance
- 8/10
-
Creates new processes
-
Network Related
-
Found potential IP address in binary/memory
- details
- "127.0.0.1"
- source
- File/Memory
- relevance
- 3/10
-
Found potential IP address in binary/memory
-
Remote Access Related
-
Contains indicators of bot communication commands
- details
-
"mail=%s&pass=%s&login=%s" (Indicator: "login=")
"DefaultBeLogin=0" (Indicator: "login=") - source
- File/Memory
- relevance
- 10/10
-
Reads terminal service related keys (often RDP related)
- details
- "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
- source
- Registry Access
- relevance
- 10/10
-
Contains indicators of bot communication commands
-
System Security
-
Modifies Software Policy Settings
- details
-
"<Input Sample>" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"<Input Sample>" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"<Input Sample>" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
"<Input Sample>" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"<Input Sample>" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS")
"<Input Sample>" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS") - source
- Registry Access
- relevance
- 10/10
-
Modifies proxy settings
- details
-
"<Input Sample>" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"<Input Sample>" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS") - source
- Registry Access
- relevance
- 10/10
-
Queries sensitive IE security settings
- details
-
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK") - source
- Registry Access
- relevance
- 8/10
-
Modifies Software Policy Settings
-
Unusual Characteristics
-
Imports suspicious APIs
- details
-
RegDeleteKeyA
RegCloseKey
CryptEncrypt
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
CreateFileMappingA
GetFileAttributesA
GetTempPathA
WriteFile
CopyFileA
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
CreateThread
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetProcAddress
FindFirstFileA
GetComputerNameA
FindNextFileA
CreateFileW
CreateFileA
LockResource
GetCommandLineA
MapViewOfFile
GetModuleHandleA
CreateProcessA
Sleep
FindResourceA
VirtualAlloc
ShellExecuteA
SetWindowsHookExW
GetUpdateRect
GetLastActivePopup
SetKeyboardState
FindWindowExA
SetWindowsHookExA
FindWindowA
GetWindowThreadProcessId
InternetConnectA
InternetCloseHandle
InternetOpenA - source
- Static Parser
- relevance
- 1/10
-
Installs hooks/patches the running process
- details
-
"iexplore.exe" wrote bytes "e99cf3e0f7" to virtual address "0x771AE869" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e9efb9d3fa" to virtual address "0x7428388E" (part of module "COMCTL32.DLL")
"iexplore.exe" wrote bytes "e9b34bd2f7" to virtual address "0x7715EC7C" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e955a55df9" to virtual address "0x758C3EAE" (part of module "OLEAUT32.DLL")
"iexplore.exe" wrote bytes "e99ac35af8" to virtual address "0x76A12694" (part of module "COMDLG32.DLL")
"iexplore.exe" wrote bytes "e92e0de2f7" to virtual address "0x7719CF42" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e9b29659f8" to virtual address "0x768E9D0B" (part of module "OLE32.DLL")
"iexplore.exe" wrote bytes "e9fc79c9fa" to virtual address "0x74327922" (part of module "COMCTL32.DLL")
"iexplore.exe" wrote bytes "e9b090c9f7" to virtual address "0x7715ABE1" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e954a1e3f7" to virtual address "0x77183B7F" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e9395469f9" to virtual address "0x759293FC" (part of module "OLEAUT32.DLL")
"iexplore.exe" wrote bytes "e98b8e6ff9" to virtual address "0x758C5DEE" (part of module "OLEAUT32.DLL")
"iexplore.exe" wrote bytes "4053257758582677186a2677653c27770000000000bf6b750000000056cc6b75000000007cca6b750000000037683f756a2c2777d62d27770000000020693f750000000029a66b7500000000a48d3f7500000000f70e6b7500000000" to virtual address "0x77411000" (part of module "NSI.DLL")
"iexplore.exe" wrote bytes "e9fda46ff9" to virtual address "0x758C4731" (part of module "OLEAUT32.DLL")
"iexplore.exe" wrote bytes "e9ee7e71f8" to virtual address "0x768A6143" (part of module "OLE32.DLL")
"iexplore.exe" wrote bytes "e9652bd5f7" to virtual address "0x7715ADF9" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e937f2e0f7" to virtual address "0x771AE963" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e9c20ae2f7" to virtual address "0x7719D274" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e96ff1e0f7" to virtual address "0x771AE9C9" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e9e89acef7" to virtual address "0x7715E30C" (part of module "USER32.DLL") - source
- Hook Detection
- relevance
- 10/10
-
Reads information about supported languages
- details
-
"<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"iexplore.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409") - source
- Registry Access
- relevance
- 3/10
-
Imports suspicious APIs
-
Hiding 4 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 22
-
Anti-Reverse Engineering
-
PE file contains zero-size sections
- details
-
Raw size of "BSS" is zero
Raw size of ".tls" is zero - source
- Static Parser
- relevance
- 10/10
-
PE file contains zero-size sections
-
Environment Awareness
-
Reads the registry for installed applications
- details
-
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IEXPLORE.EXE")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IEXPLORE.EXE")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IEXPLORE.EXE"; Key: "PATH"; Value: "00000000010000004800000043003A005C00500072006F006700720061006D002000460069006C00650073005C0049006E007400650072006E006500740020004500780070006C006F007200650072003B000000")
"iexplore.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IEXPLORE.EXE")
"iexplore.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IEXPLORE.EXE") - source
- Registry Access
- relevance
- 10/10
-
Reads the registry for installed applications
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
-
0/56 Antivirus vendors marked sample as malicious (0% detection rate)
0/40 Antivirus vendors marked sample as malicious (0% detection rate) - source
- External System
- relevance
- 10/10
-
Sample was identified as clean by Antivirus engines
-
General
-
Accesses Software Policy Settings
- details
-
"<Input Sample>" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS"; Key: "") - source
- Registry Access
- relevance
- 10/10
-
Accesses System Certificates Settings
- details
-
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\MY"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\27AC9369FAF25207BB2627CEFACCBE4EF9C319B8"; Key: "BLOB")
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA"; Key: "BLOB")
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\FF67367C5CD4DE4AE18BCCE1D70FDABD7C866135"; Key: "BLOB")
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\109F1CAED645BB78B3EA2B94C0697C740733031C"; Key: "BLOB")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\D559A586669B08F46A30A133F8A9ED3D038E2EA8"; Key: "BLOB")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES\FEE449EE0E3965A5246F000E87FDE2A065FD89D4"; Key: "BLOB")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS\A377D1B1C0538833035211F4083D00FECC414DAB"; Key: "BLOB")
"<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"; Key: "") - source
- Registry Access
- relevance
- 10/10
-
Contacts domains
- details
-
"menu.2ch.net"
"janesoft.net"
"api.2ch.net" - source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
"104.20.50.205:443"
"219.94.155.244:80"
"104.20.50.205:80" - source
- Network Traffic
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\C:-"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"Local\ZonesCounterMutex"
"Local\c:!users!mcreuty!appdata!roaming!microsoft!windows!cookies!"
"Local\ZonesLockedCacheCounterMutex"
"Local\_!MSFTHISTORY!_"
"Local\!IETld!Mutex"
"Local\c:!users!mcreuty!appdata!roaming!microsoft!windows!ietldcache!"
"C:-"
"Local\ZonesCacheCounterMutex"
"Local\c:!users!mcreuty!appdata!local!microsoft!windows!history!history.ie5!"
"Local\ZoneAttributeCacheCounterMutex"
"Local\c:!users!mcreuty!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"\Sessions\1\BaseNamedObjects\Local\!IETld!Mutex"
"\Sessions\1\BaseNamedObjects\Local\c:!users!mcreuty!appdata!roaming!microsoft!windows!ietldcache!"
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!mcreuty!appdata!roaming!microsoft!windows!cookies!" - source
- Created Mutant
- relevance
- 3/10
-
GETs files from a webserver
- details
-
"GET /bbsmenu.html HTTP/1.1
Connection: close
Host: menu.2ch.net
Accept: text/html, */*
Accept-Encoding: gzip
User-Agent: Monazilla/1.00 (JaneStyle/3.83)"
"GET /janestyle/version.txt HTTP/1.1
Connection: close
Host: janesoft.net
Accept: text/html, */*
Accept-Encoding: gzip
User-Agent: JaneStyle/3.83"
"GET /janestyle/setting.php HTTP/1.1
Connection: close
Host: janesoft.net
Accept: text/html, */*
Accept-Encoding: gzip
User-Agent: JaneStyle/3.83" - source
- Network Traffic
- relevance
- 5/10
-
Launches a browser
- details
-
Launches browser "iexplore.exe" (Show Process)
Launches browser "iexplore.exe" (Show Process) - source
- Monitored Target
- relevance
- 3/10
-
Process launched with changed environment
- details
- Process "iexplore.exe" (Show Process) was launched with new environment variables: "PATH="%PROGRAMFILES%\Internet Explorer;""
- source
- Monitored Target
- relevance
- 10/10
-
Sample shows a variety of benign indicators
- details
- The input file/all extracted files were not detected as malicious and the input file is signed with a validated certificate
- source
- Indicator Combinations
- relevance
- 10/10
-
Scanning for window names
- details
-
"<Input Sample>" searching for class "DDEMLMom"
"<Input Sample>" searching for class "MS_AutodialMonitor"
"<Input Sample>" searching for class "MS_WebCheckMonitor"
"<Input Sample>" searching for class "MS_WINHELP" - source
- API Call
- relevance
- 10/10
-
Spawns new processes
- details
-
Spawned process "iexplore.exe" with commandline "-nohome" (Show Process)
Spawned process "iexplore.exe" with commandline "SCODEF:3316 CREDAT:79873" (Show Process) - source
- Monitored Target
- relevance
- 3/10
-
The input sample is signed with a certificate
- details
-
The input sample is signed with a certificate issued by "CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE" (SHA1: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C; see report for more information)
The input sample is signed with a certificate issued by "CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE" (SHA1: C0:E4:9D:2D:7D:90:A5:CD:42:7F:02:D9:12:56:94:D5:D6:EC:5B:71; see report for more information)
The input sample is signed with a certificate issued by "CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE" (SHA1: 90:00:40:17:77:DD:2B:43:39:3D:7B:59:4D:2F:F4:CB:A4:51:6B:38; see report for more information)
The input sample is signed with a certificate issued by "CN=GlobalSign Timestamping CA - G2, O=GlobalSign nv-sa, C=BE" (SHA1: B3:63:08:B4:D4:CD:ED:4F:CF:BD:66:B9:55:FA:E3:BF:B1:2C:29:E6; see report for more information)
The input sample is signed with a certificate issued by "CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE" (SHA1: 4D:01:85:1E:AA:6C:8C:B5:86:F5:2E:B6:19:AA:42:DA:63:CB:D4:24; see report for more information) - source
- Certificate Data
- relevance
- 10/10
-
The input sample is signed with a valid certificate
- details
- The entire certificate chain of the input sample was validated successfully.
- source
- Certificate Data
- relevance
- 10/10
-
Accesses Software Policy Settings
-
Installation/Persistance
-
Dropped files
- details
-
"jane2ch.brd" has type "Non-ISO extended-ASCII text with CRLF NEL line terminators"
"b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.ini" has type "Non-ISO extended-ASCII text with CRLF LF NEL line terminators"
"attrib.ini" has type "ASCII text with CRLF line terminators"
"bbsmenu.dat" has type "HTML document Non-ISO extended-ASCII text with LF NEL line terminators"
"ImageView.ini" has type "ASCII text with CRLF line terminators"
"bbsmenu.idx" has type "ASCII text with CRLF line terminators"
"{DE313D84-AF23-11E7-B22D-0A002745ABDE}.dat" has type "Composite Document File V2 Document Cannot read section info"
"favorites.dat" has type "Non-ISO extended-ASCII text with CRLF line terminators"
"RecoveryStore.{DE313D83-AF23-11E7-B22D-0A002745ABDE}.dat" has type "Composite Document File V2 Document Cannot read section info" - source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"<Input Sample>" touched file "%WINDIR%\system32\OLEACCRC.DLL"
"<Input Sample>" touched file "%WINDIR%\Fonts\staticcache.dat"
"<Input Sample>" touched file "%WINDIR%\system32\en-US\user32.dll.mui"
"<Input Sample>" touched file "%WINDIR%\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_en-us_020378a8991bbcc2\comctl32.dll.mui"
"<Input Sample>" touched file "%WINDIR%\Globalization\Sorting\sortdefault.nls"
"<Input Sample>" touched file "%WINDIR%\system32\tzres.dll"
"<Input Sample>" touched file "%WINDIR%\system32\en-US\tzres.dll.mui"
"<Input Sample>" touched file "%WINDIR%\system32\en-US\KERNELBASE.dll.mui"
"<Input Sample>" touched file "%WINDIR%\system32\en-US\SETUPAPI.dll.mui"
"<Input Sample>" touched file "%WINDIR%\system32\imageres.dll"
"<Input Sample>" touched file "%WINDIR%\system32\en-US\imageres.dll.mui" - source
- API Call
- relevance
- 7/10
-
Dropped files
-
Network Related
-
Found potential URL in binary/memory
- details
-
Heuristic match: ".biz
.com
.edu
.gov
.info
.int
.mil
.net
.org"
Pattern match: "http://tkssp.com/2ch/janestyle/160x600"
Heuristic match: "api.2ch.net"
Pattern match: "https://secure.comodo.com/CPS0"
Pattern match: "crl.comodoca4.com/COMODORSADomainValidationSecureServerCA2.crl0"
Pattern match: "crt.comodoca4.com/COMODORSADomainValidationSecureServerCA2.crt0%"
Pattern match: "http://ocsp.comodoca4.com0"
Heuristic match: "ssl425718.cloudflaressl.com"
Heuristic match: "*.2ch.net"
Pattern match: "http://crl.comodoca.com/COMODORSACertificationAuthority.crl0r"
Pattern match: "http://crt.comodoca.com/COMODORSAAddTrustCA.crt0%"
Pattern match: "crl.usertrust.com/AddTrustExternalCARoot.crl05"
Pattern match: "http://ocsp.usertrust.com0"
Heuristic match: "GET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net"
Heuristic match: "GET /gscodesigng2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRruLd2WRFk6cRYGFIqkQ4J8hxDogQUCG7YtpyKv%2B0%2B18N0XcyAH6gvUHoCEhEhdUWDP%2BYYQHbA5pRbe81dbA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com"
Pattern match: "https://www.globalsign.com/repository/0"
Heuristic match: "menu.2ch.net"
Heuristic match: "janesoft.net"
Pattern match: "http://janesoft.net/janestyle/"
Heuristic match: ".machi.to"
Heuristic match: "read.so"
Heuristic match: ".2ch.net"
Heuristic match: ".bbspink.com"
Pattern match: "http://jbbs.shitaraba.net/bbs/api/setting.cgi/"
Pattern match: "https://2chv.tora3.net/futen.cgi"
Heuristic match: "2ch.net"
Pattern match: "http://img.2ch.net/"
Pattern match: "http://blog.bbspink.com/"
Pattern match: "https://api.2ch.net/v1/"
Heuristic match: "jbbs.livedoor.jp"
Heuristic match: "jbbs.shitaraba.net"
Pattern match: "http://info.2ch.net/"
Pattern match: "http://find.2ch.net/"
Pattern match: "https://api.2ch.net/v1/auth/"
Pattern match: "www.ime.st/"
Pattern match: "http://www.amazon.co.jp/exec/obidos/external-search/?mode=blended&tag=janestyle-22&field-keywords="
Pattern match: "http://ff2ch.syoboi.jp/?q="
Heuristic match: "bbspink.com"
Heuristic match: "shitaraba.net"
Pattern match: "http://%s/bbs/read.cgi/%s/%s/%s"
Pattern match: "http://%s/test/read.cgi/%s/%s/"
Pattern match: "http://be.2ch.net/test/p.php?i="
Pattern match: "http://search.yahoo.co.jp/search?p=$TEXTU&ei=UTF-8&fr=sb-jane"
Pattern match: "http://janesoft.net/janestyle/setting.php"
Heuristic match: "info.2ch.net"
Pattern match: "http://ime.nu/http://"
Pattern match: "http://ime.nu/"
Pattern match: "http://ime.st/"
Pattern match: "http://nun.nu/?http://"
Heuristic match: ".2ch.net,.bbspink.com"
Heuristic match: ".machibbs.com,.machi.to"
Heuristic match: "jbbs.shitaraba.net,jbbs.livedoor.jp,jbbs.livedoor.com,jbbs.shitaraba.com"
Pattern match: "http://menu.2ch.net/bbsmenu.html"
Pattern match: "http://ff2ch.syoboi.jp/"
Pattern match: "http://janesoft.net/janestyle/version.txt"
Pattern match: "http://jbbs.shitaraba.net/internet/8173/"
Pattern match: "http://jbbs.shitaraba.net/"
Pattern match: "http://jbbs.livedoor.jp/"
Pattern match: "http://be.2ch.net/index.php"
Pattern match: "api.2ch.net/subject/"
Pattern match: "http://be.2ch.net"
Heuristic match: "be.2ch.net"
Pattern match: "http://premium.2ch.net/?id=janestyle"
Pattern match: "http://www.monazilla.org/"
Heuristic match: ".info"
Pattern match: "http://sakots.pekori.jp/OpenJane/"
Pattern match: "http://hogehoge2001.tripod.co.jp/"
Pattern match: "http://www.nevrona.com/Indy/"
Pattern match: "http://www.gzip.org/zlib/"
Pattern match: "http://pc.2ch.net/test/read.cgi/tech/981726544/931-"
Pattern match: "http://www.os.rim.or.jp/~ikeda/"
Pattern match: "http://www.delphi-gems.com/"
Pattern match: "http://sourceforge.net/projects/fastmm"
Pattern match: "http://fastcode.sourceforge.net/"
Pattern match: "http://www.sawatzki.de/"
Pattern match: "http://www.shagrouni.com/english/software/xpmenu.html"
Pattern match: "http://www.tntware.com/delphicontrols/unicode/"
Pattern match: "http://pngdelphi.sourceforge.net/"
Pattern match: "http://www.tolderlund.eu/delphi/"
Pattern match: "http://www.vector.co.jp/soft/win95/prog/se279521.html"
Pattern match: "http://sourceforge.jp/projects/gikonavi/"
Pattern match: "http://homepage1.nifty.com/MADIA/delphi/Effect/index.htm"
Pattern match: "http://homepage1.nifty.com/ht_deko/tech002.html#tech022"
Pattern match: "http://cafe-au-lait.ath.cx/"
Pattern match: "http://hp.vector.co.jp/authors/VA029585/"
Pattern match: "http://www.bsalsa.com/"
Pattern match: "http://pc.2ch.net/test/read.cgi/software/1016729822/630-"
Pattern match: "http://cincinnati7743.hp.infoseek.co.jp/"
Pattern match: "http://www.bb-chat.tv/?2ch_m"
Pattern match: "http://www.2ch.net/"
Pattern match: "http://search.2ch.net/"
Pattern match: "http://dig.2ch.net/"
Pattern match: "http://stat.2ch.net/SPARROW"
Pattern match: "http://o.8ch.net/"
Pattern match: "http://i.2ch.net/"
Pattern match: "http://www.2ch.net/kakolog.html"
Pattern match: "http://8ch.net/"
Pattern match: "find.2ch.net/search"
Pattern match: "http://headline.2ch.net/bbynamazu/"
Pattern match: "http://egg.2ch.net/namazuplus/"
Pattern match: "http://mao.2ch.net/eq/"
Pattern match: "http://himawari.2ch.net/eqplus/"
Pattern match: "http://rio2016.2ch.net/lifeline/"
Pattern match: "http://egg.2ch.net/smartphone/"
Pattern match: "http://matsuri.2ch.net/hawaii/"
Pattern match: "http://matsuri.2ch.net/campus/"
Pattern match: "http://mevius.2ch.net/lovesaloon/"
Pattern match: "http://rio2016.2ch.net/allergy/"
Pattern match: "http://fate.2ch.net/lovelive/"
Pattern match: "http://mao.2ch.net/apple2/"
Pattern match: "http://matsuri.2ch.net/qa/"
Pattern match: "http://be.2ch.net/"
Pattern match: "http://premium.2ch.net/"
Pattern match: "http://medaka.2ch.net/be/"
Pattern match: "http://matsuri.2ch.net/nandemo/"
Pattern match: "http://matsuri.2ch.net/argue/"
Pattern match: "http://headline.2ch.net/bbynews/"
Pattern match: "http://newsnavi.2ch.net/"
Pattern match: "http://hayabusa9.2ch.net/news/"
Pattern match: "http://asahi.2ch.net/newsplus/"
Pattern match: "http://fate.2ch.net/fakenews/"
Pattern match: "http://asahi.2ch.net/fakenewsplus/"
Pattern match: "http://rosie.2ch.net/chinasmog/"
Pattern match: "http://mevius.2ch.net/news2/"
Pattern match: "http://rosie.2ch.net/liveplus/"
Pattern match: "http://hayabusa9.2ch.net/mnewsplus/"
Pattern match: "http://matsuri.2ch.net/musicnews/"
Pattern match: "http://asahi.2ch.net/idolplus/"
Pattern match: "http://fate.2ch.net/seijinewsplus/"
Pattern match: "http://lavender.2ch.net/news4plus/"
Pattern match: "http://lavender.2ch.net/news4plusd/"
Pattern match: "http://egg.2ch.net/asia/"
Pattern match: "http://egg.2ch.net/bizplus/"
Pattern match: "http://egg.2ch.net/ticketplus/"
Pattern match: "http://egg.2ch.net/scienceplus/"
Pattern match: "http://phoebe.bbspink.com/pinkplus/"
Pattern match: "http://mercury.bbspink.com/avplus/"
Pattern match: "http://fate.2ch.net/snsplus/"
Pattern match: "http://egg.2ch.net/wildplus/"
Pattern match: "http://egg.2ch.net/femnewsplus/"
Pattern match: "http://egg.2ch.net/dqnplus/"
Pattern match: "http://egg.2ch.net/moeplus/"
Pattern match: "http://mao.2ch.net/comicnews/"
Pattern match: "http://lavender.2ch.net/gamenews/"
Pattern match: "http://medaka.2ch.net/pcnews/"
Pattern match: "http://egg.2ch.net/owabiplus/"
Pattern match: "http://matsuri.2ch.net/trafficinfo/"
Pattern match: "http://matsuri.2ch.net/news7/"
Pattern match: "http://matsuri.2ch.net/archives/"
Pattern match: "http://matsuri.2ch.net/bakanews/"
Pattern match: "http://mao.2ch.net/editorial/"
Pattern match: "http://rosie.2ch.net/editorialplus/"
Pattern match: "http://rio2016.2ch.net/wikileaks/"
Pattern match: "http://rio2016.2ch.net/kokusai/"
Pattern match: "http://mao.2ch.net/war/"
Pattern match: "http://matsuri.2ch.net/news5/"
Pattern match: "http://rio2016.2ch.net/iraq/"
Pattern match: "http://lavender.2ch.net/africa/"
Pattern match: "http://lavender.2ch.net/europa/"
Pattern match: "http://egg.2ch.net/news5plus/"
Pattern match: "http://rio2016.2ch.net/dejima/"
Pattern match: "http://matsuri.2ch.net/entrance/"
Pattern match: "http://rio2016.2ch.net/entrance2/"
Pattern match: "http://medaka.2ch.net/pcqa/"
Pattern match: "http://info.2ch.net/wiki/"
Pattern match: "http://matsuri.2ch.net/goods/"
Pattern match: "http://egg.2ch.net/gline/"
Pattern match: "http://matsuri.2ch.net/event/"
Pattern match: "http://rio2016.2ch.net/2chse/"
Pattern match: "http://info.2ch.net/rank/"
Pattern match: "http://matsuri.2ch.net/dataroom/"
Pattern match: "http://medaka.2ch.net/vote/"
Pattern match: "http://agree.2ch.net/operate/"
Pattern match: "http://rosie.2ch.net/operatex/"
Pattern match: "http://agree.2ch.net/sec2ch/"
Pattern match: "http://agree.2ch.net/sec2chd/"
Pattern match: "http://qb5.2ch.net/saku2ch/"
Pattern match: "http://qb5.2ch.net/saku/"
Pattern match: "http://agree.2ch.net/sakud/"
Pattern match: "http://agree.2ch.net/sakukb/"
Pattern match: "http://mevius.2ch.net/intro/"
Pattern match: "http://medaka.2ch.net/honobono/"
Pattern match: "http://medaka.2ch.net/yume/"
Pattern match: "http://medaka.2ch.net/offmatrix/"
Pattern match: "http://mao.2ch.net/offreg/"
Pattern match: "http://mevius.2ch.net/offevent/"
Pattern match: "http://mevius.2ch.net/aasaloon/"
Pattern match: "http://mevius.2ch.net/mona/"
Pattern match: "http://mao.2ch.net/nida/"
Pattern match: "http://mevius.2ch.net/aastory/"
Pattern match: "http://mevius.2ch.net/kao/"
Pattern match: "http://egg.2ch.net/mass/"
Pattern match: "http://egg.2ch.net/youth/"
Pattern match: "http://rio2016.2ch.net/disaster/"
Pattern match: "http://egg.2ch.net/119/"
Pattern match: "http://mevius.2ch.net/gender/"
Pattern match: "http://lavender.2ch.net/giin/"
Pattern match: "http://matsuri.2ch.net/manifesto/"
Pattern match: "http://rio2016.2ch.net/police/"
Pattern match: "http://egg.2ch.net/court/"
Pattern match: "http://mao.2ch.net/saibanin/"
Pattern match: "http://rio2016.2ch.net/soc/"
Pattern match: "http://egg.2ch.net/atom/"
Pattern match: "http://rio2016.2ch.net/energy/"
Pattern match: "http://egg.2ch.net/river/"
Pattern match: "http://rio2016.2ch.net/traf/"
Pattern match: "http://mao.2ch.net/way/"
Pattern match: "http://egg.2ch.net/develop/"
Pattern match: "http://rio2016.2ch.net/recruit/"
Pattern match: "http://medaka.2ch.net/job/"
Pattern match: "http://rio2016.2ch.net/volunteer/"
Pattern match: "http://egg.2ch.net/welfare/"
Pattern match: "http://rio2016.2ch.net/mayor/"
Pattern match: "http://mao.2ch.net/ftax/"
Pattern match: "http://rio2016.2ch.net/jsdf/"
Pattern match: "http://mevius.2ch.net/nenga/"
Pattern match: "http://mao.2ch.net/lifework/"
Pattern match: "http://egg.2ch.net/regulate/"
Pattern match: "http://krsw.2ch.net/forex/"
Pattern match: "http://rio2016.2ch.net/venture/"
Pattern match: "http://mevius.2ch.net/manage/"
Pattern match: "http://mao.2ch.net/management/"
Pattern match: "http://mao.2ch.net/estate/"
Pattern match: "http://rio2016.2ch.net/koumu/"
Pattern match: "http://mao.2ch.net/shikaku/"
Pattern match: "http://matsuri.2ch.net/lic/"
Pattern match: "http://mao.2ch.net/haken/"
Pattern match: "http://egg.2ch.net/hoken/"
Pattern match: "http://mevius.2ch.net/tax/"
Pattern match: "http://medaka.2ch.net/exam/"
Pattern match: "http://egg.2ch.net/hosp/"
Pattern match: "http://egg.2ch.net/bio/"
Pattern match: "http://egg.2ch.net/hikari/"
Pattern match: "http://mao.2ch.net/dtp/"
Pattern match: "http://medaka.2ch.net/part/"
Pattern match: "http://egg.2ch.net/koukoku/"
Pattern match: "http://egg.2ch.net/agri/"
Pattern match: "http://mao.2ch.net/build/"
Pattern match: "http://mao.2ch.net/industry/"
Pattern match: "http://matsuri.2ch.net/peko/"
Pattern match: "http://lavender.2ch.net/company/"
Pattern match: "http://rio2016.2ch.net/bouhan/"
Pattern match: "http://mevius.2ch.net/antispam/"
Pattern match: "http://egg.2ch.net/ihan/"
Pattern match: "http://rosie.2ch.net/hokkaido/"
Pattern match: "http://rosie.2ch.net/tohoku/"
Pattern match: "http://rosie.2ch.net/kousinetu/"
Pattern match: "http://rosie.2ch.net/kanto/"
Pattern match: "http://rosie.2ch.net/tokyo/"
Pattern match: "http://rosie.2ch.net/tama/"
Pattern match: "http://rosie.2ch.net/kana/"
Pattern match: "http://rosie.2ch.net/tokai/"
Pattern match: "http://rosie.2ch.net/kinki/"
Pattern match: "http://rosie.2ch.net/osaka/"
Pattern match: "http://rosie.2ch.net/chugoku/"
Pattern match: "http://rosie.2ch.net/sikoku/"
Pattern match: "http://rosie.2ch.net/kyusyu/"
Pattern match: "http://rosie.2ch.net/okinawa/"
Pattern match: "http://matsuri.2ch.net/expo/"
Pattern match: "http://mao.2ch.net/subcal/"
Pattern match: "http://mevius.2ch.net/bun/"
Pattern match: "http://mao.2ch.net/mitemite/"
Pattern match: "http://mevius.2ch.net/poem/"
Pattern match: "http://egg.2ch.net/rongo/"
Pattern match: "http://lavender.2ch.net/movie/"
Pattern match: "http://lavender.2ch.net/cinema/"
Pattern match: "http://fate.2ch.net/endroll/"
Pattern match: "http://rio2016.2ch.net/rmovie/"
Pattern match: "http://rio2016.2ch.net/kinema/"
Pattern match: "http://krsw.2ch.net/netflix/"
Pattern match: "http://krsw.2ch.net/hulu/"
Pattern match: "http://mao.2ch.net/occult/"
Pattern match: "http://fate.2ch.net/kaidan/"
Pattern match: "http://matsuri.2ch.net/esp/"
Pattern match: "http://mevius.2ch.net/sfx/"
Pattern match: "http://rio2016.2ch.net/rsfx/"
Pattern match: "http://lavender.2ch.net/drama/"
Pattern match: "http://lavender.2ch.net/siki/"
Pattern match: "http://mao.2ch.net/fortune/"
Pattern match: "http://mao.2ch.net/uranai/"
Pattern match: "http://matsuri.2ch.net/kyoto/"
Pattern match: "http://lavender.2ch.net/gallery/"
Pattern match: "http://lavender.2ch.net/rakugo/"
Pattern match: "http://egg.2ch.net/ruins/"
Pattern match: "http://fate.2ch.net/cyberpunk/"
Pattern match: "http://egg.2ch.net/emperor/"
Pattern match: "http://fate.2ch.net/spiritual/"
Pattern match: "http://rio2016.2ch.net/rikei/"
Pattern match: "http://rio2016.2ch.net/sci/"
Pattern match: "http://rio2016.2ch.net/life/"
Pattern match: "http://matsuri.2ch.net/bake/"
Pattern match: "http://matsuri.2ch.net/kikai/"
Pattern match: "http://rio2016.2ch.net/denki/"
Pattern match: "http://rio2016.2ch.net/robot/"
Pattern match: "http://matsuri.2ch.net/infosys/"
Pattern match: "http://rio2016.2ch.net/informatics/"
Pattern match: "http://matsuri.2ch.net/sim/"
Pattern match: "http://matsuri.2ch.net/nougaku/"
Pattern match: "http://matsuri.2ch.net/sky/"
Pattern match: "http://rio2016.2ch.net/galileo/"
Pattern match: "http://mao.2ch.net/doctor/"
Pattern match: "http://rio2016.2ch.net/kampo/"
Pattern match: "http://rio2016.2ch.net/math/"
Pattern match: "http://matsuri.2ch.net/doboku/"
Pattern match: "http://matsuri.2ch.net/material/"
Pattern match: "http://mevius.2ch.net/space/"
Pattern match: "http://rio2016.2ch.net/future/"
Pattern match: "http://rio2016.2ch.net/wild/"
Pattern match: "http://fate.2ch.net/plants/"
Pattern match: "http://matsuri.2ch.net/goldenfish/"
Pattern match: "http://matsuri.2ch.net/insect/"
Pattern match: "http://rio2016.2ch.net/earth/"
Pattern match: "http://lavender.2ch.net/psycho/"
Pattern match: "http://lavender.2ch.net/gengo/"
Pattern match: "http://egg.2ch.net/dialect/"
Pattern match: "http://lavender.2ch.net/pedagogy/"
Pattern match: "http://lavender.2ch.net/sociology/"
Pattern match: "http://lavender.2ch.net/economics/"
Pattern match: "http://mevius.2ch.net/book/"
Pattern match: "http://mevius.2ch.net/poetics/"
Pattern match: "http://lavender.2ch.net/history/"
Pattern match: "http://lavender.2ch.net/history2/"
Pattern match: "http://lavender.2ch.net/whis/"
Pattern match: "http://lavender.2ch.net/archeology/"
Pattern match: "http://lavender.2ch.net/min/"
Pattern match: "http://lavender.2ch.net/kobun/"
Pattern match: "http://lavender.2ch.net/english/"
Pattern match: "http://lavender.2ch.net/usa/"
Pattern match: "http://lavender.2ch.net/korea/"
Pattern match: "http://lavender.2ch.net/china/"
Pattern match: "http://lavender.2ch.net/taiwan/"
Pattern match: "http://mevius.2ch.net/myanmar/"
Pattern match: "http://mevius.2ch.net/yangon/"
Pattern match: "http://lavender.2ch.net/geo/"
Pattern match: "http://matsuri.2ch.net/chiri/"
Pattern match: "http://lavender.2ch.net/gogaku/"
Pattern match: "http://lavender.2ch.net/art/"
Pattern match: "http://lavender.2ch.net/philo/"
Pattern match: "http://lavender.2ch.net/jurisp/"
Pattern match: "http://medaka.2ch.net/shihou/"
Pattern match: "http://lavender.2ch.net/kaden/"
Pattern match: "http://matsuri.2ch.net/wm/"
Pattern match: "http://matsuri.2ch.net/vcamera/"
Pattern match: "http://matsuri.2ch.net/bakery/"
Pattern match: "http://rio2016.2ch.net/toilet/"
Pattern match: "http://lavender.2ch.net/sony/"
Pattern match: "http://lavender.2ch.net/phs/"
Pattern match: "http://lavender.2ch.net/keitai/"
Pattern match: "http://krsw.2ch.net/spsaloon/"
Pattern match: "http://fate.2ch.net/ios/"
Pattern match: "http://matsuri.2ch.net/iPhone/"
Pattern match: "http://egg.2ch.net/android/"
Pattern match: "http://lavender.2ch.net/chakumelo/"
Pattern match: "http://hayabusa9.2ch.net/appli/"
Pattern match: "http://egg.2ch.net/applism/"
Pattern match: "http://lavender.2ch.net/dgoods/"
Pattern match: "http://lavender.2ch.net/camera/"
Pattern match: "http://mevius.2ch.net/dcamera/"
Pattern match: "http://mevius.2ch.net/av/"
Pattern match: "http://lavender.2ch.net/pav/"
Pattern match: "http://rio2016.2ch.net/battery/"
Pattern match: "http://mevius.2ch.net/seiji/"
Pattern match: "http://egg.2ch.net/diplomacy/"
Pattern match: "http://egg.2ch.net/trafficpolicy/"
Pattern match: "http://medaka.2ch.net/eco/"
Pattern match: "http://egg.2ch.net/stock/"
Pattern match: "http://mao.2ch.net/stockb/"
Pattern match: "http://medaka.2ch.net/market/"
Pattern match: "http://hayabusa9.2ch.net/livemarket1/"
Pattern match: "http://hayabusa9.2ch.net/livemarket2/"
Pattern match: "http://mao.2ch.net/deal/"
Pattern match: "http://egg.2ch.net/koumei/"
Pattern match: "http://mevius.2ch.net/kyousan/"
Pattern match: "http://egg.2ch.net/sisou/"
Pattern match: "http://egg.2ch.net/kova/"
Pattern match: "http://mao.2ch.net/money/"
Pattern match: "http://matsuri.2ch.net/food/"
Pattern match: "http://matsuri.2ch.net/candy/"
Pattern match: "http://matsuri.2ch.net/juice/"
Pattern match: "http://matsuri.2ch.net/pot/"
Pattern match: "http://matsuri.2ch.net/cook/"
Pattern match: "http://egg.2ch.net/okome/"
Pattern match: "http://mao.2ch.net/yasai/"
Pattern match: "http://rio2016.2ch.net/kinoko/"
Pattern match: "http://krsw.2ch.net/takenoko/"
Pattern match: "http://matsuri.2ch.net/salt/"
Pattern match: "http://mevius.2ch.net/ramen/"
Pattern match: "http://matsuri.2ch.net/nissin/"
Pattern match: "http://matsuri.2ch.net/jnoodle/"
Pattern match: "http://matsuri.2ch.net/sushi/"
Pattern match: "http://matsuri.2ch.net/don/"
Pattern match: "http://matsuri.2ch.net/curry/"
Pattern match: "http://matsuri.2ch.net/bread/"
Pattern match: "http://matsuri.2ch.net/pasta/"
Pattern match: "http://matsuri.2ch.net/kbbq/"
Pattern match: "http://matsuri.2ch.net/konamono/"
Pattern match: "http://matsuri.2ch.net/toba/"
Pattern match: "http://matsuri.2ch.net/gurume/"
Pattern match: "http://matsuri.2ch.net/famires/"
Pattern match: "http://matsuri.2ch.net/jfoods/"
Pattern match: "http://matsuri.2ch.net/bento/"
Pattern match: "http://mevius.2ch.net/sake/"
Pattern match: "http://matsuri.2ch.net/wine/"
Pattern match: "http://mao.2ch.net/beer/"
Pattern match: "http://matsuri.2ch.net/drunk/"
Pattern match: "http://matsuri.2ch.net/recipe/"
Pattern match: "http://matsuri.2ch.net/patissier/"
Pattern match: "http://matsuri.2ch.net/supplement/"
Pattern match: "http://fate.2ch.net/vegetarian/"
Pattern match: "http://rio2016.2ch.net/lifesaloon/"
Pattern match: "http://medaka.2ch.net/kankon/"
Pattern match: "http://rio2016.2ch.net/okiraku/"
Pattern match: "http://rio2016.2ch.net/homealone/"
Pattern match: "http://rio2016.2ch.net/countrylife/"
Pattern match: "http://egg.2ch.net/debt/"
Pattern match: "http://rio2016.2ch.net/inpatient/"
Pattern match: "http://rio2016.2ch.net/sportsclub/"
Pattern match: "http://lavender.2ch.net/bath/"
Pattern match: "http://rio2016.2ch.net/anniversary/"
Pattern match: "http://rio2016.2ch.net/sousai/"
Pattern match: "http://mevius.2ch.net/baby/"
Pattern match: "http://rio2016.2ch.net/kagu/"
Pattern match: "http://rosie.2ch.net/diy/"
Pattern match: "http://rosie.2ch.net/diary/"
Pattern match: "http://medaka.2ch.net/shop/"
Pattern match: "http://egg.2ch.net/hcenter/"
Pattern match: "http://mao.2ch.net/used/"
Pattern match: "http://egg.2ch.net/rental/"
Pattern match: "http://rio2016.2ch.net/trend/"
Pattern match: "http://rio2016.2ch.net/model/"
Pattern match: "http://mevius.2ch.net/fashion/"
Pattern match: "http://mao.2ch.net/underwear/"
Pattern match: "http://rio2016.2ch.net/shoes/"
Pattern match: "http://rio2016.2ch.net/female/"
Pattern match: "http://medaka.2ch.net/diet/"
Pattern match: "http://lavender.2ch.net/mensbeauty/"
Pattern match: "http://egg.2ch.net/aroma/"
Pattern match: "http://rio2016.2ch.net/seikei/"
Pattern match: "http://rio2016.2ch.net/shapeup/"
Pattern match: "http://rio2016.2ch.net/world/"
Pattern match: "http://rio2016.2ch.net/northa/"
Pattern match: "http://rio2016.2ch.net/credit/"
Pattern match: "http://lavender.2ch.net/point/"
Pattern match: "http://matsuri.2ch.net/cafe30/"
Pattern match: "http://mevius.2ch.net/cafe40/"
Pattern match: "http://matsuri.2ch.net/cafe50/"
Pattern match: "http://egg.2ch.net/cafe60/"
Pattern match: "http://lavender.2ch.net/live/"
Pattern match: "http://rio2016.2ch.net/souji/"
Pattern match: "http://rio2016.2ch.net/goki/"
Pattern match: "http://rio2016.2ch.net/radiation/"
Pattern match: "http://mao.2ch.net/kechi2/"
Pattern match: "http://rio2016.2ch.net/chance/"
Pattern match: "http://rio2016.2ch.net/cigaret/"
Pattern match: "http://rio2016.2ch.net/megane/"
Pattern match: "http://rio2016.2ch.net/yuusen/"
Pattern match: "http://rio2016.2ch.net/conv/"
Pattern match: "http://rio2016.2ch.net/sale/"
Pattern match: "http://lavender.2ch.net/stationery/"
Pattern match: "http://rio2016.2ch.net/class/"
Pattern match: "http://mevius.2ch.net/shar/"
Pattern match: "http://medaka.2ch.net/x3/"
Pattern match: "http://matsuri.2ch.net/denpa/"
Pattern match: "http://egg.2ch.net/owarai/"
Pattern match: "http://medaka.2ch.net/2chbook/"
Pattern match: "http://fate.2ch.net/uwasa/"
Pattern match: "http://medaka.2ch.net/charaneta/"
Pattern match: "http://medaka.2ch.net/charaneta2/"
Pattern match: "http://matsuri.2ch.net/mascot/"
Pattern match: "http://rio2016.2ch.net/senji/"
Pattern match: "http://mevius.2ch.net/ex/"
Pattern match: "http://rio2016.2ch.net/x1/"
Pattern match: "http://medaka.2ch.net/gaysaloon/"
Pattern match: "http://mao.2ch.net/nohodame/"
Pattern match: "http://medaka.2ch.net/dame/"
Pattern match: "http://rio2016.2ch.net/loser/"
Pattern match: "http://matsuri.2ch.net/hikky/"
Pattern match: "http://krsw.2ch.net/mental/"
Pattern match: "http://matsuri.2ch.net/single/"
Pattern match: "http://mao.2ch.net/wom/"
Pattern match: "http://mao.2ch.net/sfe/"
Pattern match: "http://medaka.2ch.net/wmotenai/"
Pattern match: "http://matsuri.2ch.net/ms/"
Pattern match: "http://lavender.2ch.net/male/"
Pattern match: "http://matsuri.2ch.net/motetai/"
Pattern match: "http://mevius.2ch.net/motenai/"
Pattern match: "http://rio2016.2ch.net/alone/"
Pattern match: "http://mao.2ch.net/tomorrow/"
Pattern match: "http://medaka.2ch.net/employee/"
Pattern match: "http://rio2016.2ch.net/student/"
Pattern match: "http://mao.2ch.net/otaku/"
Pattern match: "http://matsuri.2ch.net/nendai/"
Pattern match: "http://rio2016.2ch.net/sepia/"
Pattern match: "http://medaka.2ch.net/gag/"
Pattern match: "http://medaka.2ch.net/575/"
Pattern match: "http://medaka.2ch.net/tanka/"
Pattern match: "http://medaka.2ch.net/4649/"
Pattern match: "http://mao.2ch.net/hidari/"
Pattern match: "http://fate.2ch.net/worldskb/"
Pattern match: "http://headline.2ch.net/bbylive/"
Pattern match: "http://headline.2ch.net/bbylivej/"
Pattern match: "http://mao.2ch.net/livesaturn/"
Pattern match: "http://mao.2ch.net/livevenus/"
Pattern match: "http://hawk.2ch.net/livejupiter/"
Pattern match: "http://fate.2ch.net/liveuranus/"
Pattern match: "http://mao.2ch.net/endless/"
Pattern match: "http://himawari.2ch.net/weekly/"
Pattern match: "http://fate.2ch.net/livewar/"
Pattern match: "http://fate.2ch.net/livefield/"
Pattern match: "http://fate.2ch.net/liveelection/"
Pattern match: "http://himawari.2ch.net/livewkwest/"
Pattern match: "http://nhk2.2ch.net/livenhk/"
Pattern match: "http://nhk2.2ch.net/liveetv/"
Pattern match: "http://himawari.2ch.net/liventv/"
Pattern match: "http://himawari.2ch.net/livetbs/"
Pattern match: "http://himawari.2ch.net/livecx/"
Pattern match: "http://himawari.2ch.net/liveanb/"
Pattern match: "http://himawari.2ch.net/livetx/"
Pattern match: "http://fate.2ch.net/livemx/"
Pattern match: "http://agree.2ch.net/liveabema/"
Pattern match: "http://nhk2.2ch.net/livebs/"
Pattern match: "http://tanuki.2ch.net/livebs2/"
Pattern match: "http://himawari.2ch.net/livewowow/"
Pattern match: "http://himawari.2ch.net/liveskyp/"
Pattern match: "http://himawari.2ch.net/liveradio/"
Pattern match: "http://mao.2ch.net/liveanime/"
Pattern match: "http://mao.2ch.net/kokkai/"
Pattern match: "http://mao.2ch.net/dome/"
Pattern match: "http://tanuki.2ch.net/livebase/"
Pattern match: "http://rio2016.2ch.net/livefoot/"
Pattern match: "http://mao.2ch.net/oonna/"
Pattern match: "http://mao.2ch.net/ootoko/"
Pattern match: "http://mao.2ch.net/dancesite/"
Pattern match: "http://mao.2ch.net/festival/"
Pattern match: "http://rio2016.2ch.net/jasmine/"
Pattern match: "http://agree.2ch.net/liveanarchy/"
Pattern match: "http://fate.2ch.net/livesangyou/"
Pattern match: "http://agree.2ch.net/liveyonmoji/"
Pattern match: "http://mao.2ch.net/edu/"
Pattern match: "http://medaka.2ch.net/jsaloon/"
Pattern match: "http://medaka.2ch.net/kouri/"
Pattern match: "http://mao.2ch.net/juku/"
Pattern match: "http://mao.2ch.net/ojyuken/"
Pattern match: "http://mao.2ch.net/senmon/"
Pattern match: "http://mao.2ch.net/design/"
Pattern match: "http://mao.2ch.net/musicology/"
Pattern match: "http://medaka.2ch.net/govexam/"
Pattern match: "http://lavender.2ch.net/hobby/"
Pattern match: "http://matsuri.2ch.net/magic/"
Pattern match: "http://matsuri.2ch.net/puzzle/"
Pattern match: "http://lavender.2ch.net/craft/"
Pattern match: "http://mevius.2ch.net/toy/"
Pattern match: "http://lavender.2ch.net/zoid/"
Pattern match: "http://lavender.2ch.net/watch/"
Pattern match: "http://lavender.2ch.net/smoking/"
Pattern match: "http://matsuri.2ch.net/knife/"
Pattern match: "http://lavender.2ch.net/doll/"
Pattern match: "http://lavender.2ch.net/engei/"
Pattern match: "http://mao.2ch.net/dog/"
Pattern match: "http://mao.2ch.net/pet/"
Pattern match: "http://lavender.2ch.net/aquarium/"
Pattern match: "http://matsuri.2ch.net/cat/"
Pattern match: "http://mevius.2ch.net/army/"
Pattern match: "http://lavender.2ch.net/radio/"
Pattern match: "http://lavender.2ch.net/mokei/"
Pattern match: "http://matsuri.2ch.net/radiocontrol/"
Pattern match: "http://lavender.2ch.net/gun/"
Pattern match: "http://matsuri.2ch.net/fireworks/"
Pattern match: "http://mao.2ch.net/warhis/"
Pattern match: "http://matsuri.2ch.net/chinahero/"
Pattern match: "http://matsuri.2ch.net/sengoku/"
Pattern match: "http://matsuri.2ch.net/nanminhis/"
Pattern match: "http://lavender.2ch.net/dance/"
Pattern match: "http://fate.2ch.net/yoga/"
Pattern match: "http://lavender.2ch.net/bird/"
Pattern match: "http://lavender.2ch.net/collect/"
Pattern match: "http://matsuri.2ch.net/photo/"
Pattern match: "http://agree.2ch.net/oekaki/"
Pattern match: "http://egg.2ch.net/bike/"
Pattern match: "http://krsw.2ch.net/motorbike/"
Pattern match: "http://medaka.2ch.net/car/"
Pattern match: "http://mao.2ch.net/kcar/"
Pattern match: "http://fate.2ch.net/auto/"
Pattern match: "http://mao.2ch.net/usedcar/"
Pattern match: "http://mao.2ch.net/truck/"
Pattern match: "http://mevius.2ch.net/train/"
Pattern match: "http://mevius.2ch.net/rail/"
Pattern match: "http://mao.2ch.net/jnr/"
Pattern match: "http://matsuri.2ch.net/ice/"
Pattern match: "http://matsuri.2ch.net/gage/"
Pattern match: "http://mao.2ch.net/bus/"
Pattern match: "http://lavender.2ch.net/airline/"
Pattern match: "http://mao.2ch.net/sposaloon/"
Pattern match: "http://mao.2ch.net/sports/"
Pattern match: "http://mao.2ch.net/rsports/"
Pattern match: "http://mao.2ch.net/stadium/"
Pattern match: "http://medaka.2ch.net/athletics/"
Pattern match: "http://mao.2ch.net/gymnastics/"
Pattern match: "http://mao.2ch.net/muscle/"
Pattern match: "http://mao.2ch.net/noroma/"
Pattern match: "http://mao.2ch.net/wsports/"
Pattern match: "http://mao.2ch.net/ski/"
Pattern match: "http://mevius.2ch.net/skate/"
Pattern match: "http://mao.2ch.net/swim/"
Pattern match: "http://mao.2ch.net/msports/"
Pattern match: "http://mao.2ch.net/boat/"
Pattern match: "http://mao.2ch.net/birdman/"
Pattern match: "http://medaka.2ch.net/fish/"
Pattern match: "http://mao.2ch.net/bass/"
Pattern match: "http://medaka.2ch.net/bicycle/"
Pattern match: "http://mao.2ch.net/equestrian/"
Pattern match: "http://mao.2ch.net/f1/"
Pattern match: "http://mao.2ch.net/olympic/"
Pattern match: "http://mao.2ch.net/bullseye/"
Pattern match: "http://mao.2ch.net/parksports/"
Pattern match: "http://mao.2ch.net/amespo/"
Pattern match: "http://mao.2ch.net/cheerleading/"
Pattern match: "http://mao.2ch.net/xsports/"
Pattern match: "http://rio2016.2ch.net/base/"
Pattern match: "http://medaka.2ch.net/npb/"
Pattern match: "http://rio2016.2ch.net/meikyu/"
Pattern match: "http://lavender.2ch.net/mlb/"
Pattern match: "http://medaka.2ch.net/hsb/"
Pattern match: "http://medaka.2ch.net/kyozin/"
Pattern match: "http://matsuri.2ch.net/soccer/"
Pattern match: "http://mevius.2ch.net/eleven/"
Pattern match: "http://rio2016.2ch.net/wc/"
Pattern match: "http://matsuri.2ch.net/football/"
Pattern match: "http://medaka.2ch.net/basket/"
Pattern match: "http://mao.2ch.net/tennis/"
Pattern match: "http://mao.2ch.net/volley/"
Pattern match: "http://mao.2ch.net/ovalball/"
Pattern match: "http://mao.2ch.net/pingpong/"
Pattern match: "http://mao.2ch.net/gutter/"
Pattern match: "http://mao.2ch.net/golf/"
Pattern match: "http://mao.2ch.net/billiards/"
Pattern match: "http://mao.2ch.net/ballgame/"
Pattern match: "http://medaka.2ch.net/k1/"
Pattern match: "http://medaka.2ch.net/wres/"
Pattern match: "http://mao.2ch.net/budou/"
Pattern match: "http://medaka.2ch.net/boxing/"
Pattern match: "http://mao.2ch.net/sumou/"
Pattern match: "http://mao.2ch.net/jyudo/"
Pattern match: "http://krsw.2ch.net/mma/"
Pattern match: "http://matsuri.2ch.net/oversea/"
Pattern match: "http://egg.2ch.net/21oversea/"
Pattern match: "http://matsuri.2ch.net/travel/"
Pattern match: "http://matsuri.2ch.net/hotel/"
Pattern match: "http://matsuri.2ch.net/localfoods/"
Pattern match: "http://matsuri.2ch.net/tropical/"
Pattern match: "http://matsuri.2ch.net/onsen/"
Pattern match: "http://mevius.2ch.net/park/"
Pattern match: "http://matsuri.2ch.net/zoo/"
Pattern match: "http://matsuri.2ch.net/museum/"
Pattern match: "http://matsuri.2ch.net/out/"
Pattern match: "http://fate.2ch.net/sapa/"
Pattern match: "http://egg.2ch.net/tvsaloon/"
Pattern match: "http://rio2016.2ch.net/kouhaku/"
Pattern match: "http://mevius.2ch.net/tv/"
Pattern match: "http://matsuri.2ch.net/natsutv/"
Pattern match: "http://lavender.2ch.net/tvd/"
Pattern match: "http://nhk2.2ch.net/nhkdrama/"
Pattern match: "http://matsuri.2ch.net/natsudora/"
Pattern match: "http://egg.2ch.net/kin/"
Pattern match: "http://egg.2ch.net/radiosaloon/"
Pattern match: "http://egg.2ch.net/am/"
Pattern match: "http://rio2016.2ch.net/rradio/"
Pattern match: "http://egg.2ch.net/tv2/"
Pattern match: "http://rio2016.2ch.net/hanryu/"
Pattern match: "http://egg.2ch.net/cs/"
Pattern match: "http://egg.2ch.net/skyp/"
Pattern match: "http://egg.2ch.net/bs/"
Pattern match: "http://nhk2.2ch.net/nhk/"
Pattern match: "http://egg.2ch.net/cm/"
Pattern match: "http://egg.2ch.net/geino/"
Pattern match: "http://egg.2ch.net/celebrity/"
Pattern match: "http://rio2016.2ch.net/4sama/"
Pattern match: "http://egg.2ch.net/kyon2/"
Pattern match: "http://egg.2ch.net/actor/"
Pattern match: "http://egg.2ch.net/actress/"
Pattern match: "http://mevius.2ch.net/geinin/"
Pattern match: "http://medaka.2ch.net/ana/"
Pattern match: "http://egg.2ch.net/ami/"
Pattern match: "http://egg.2ch.net/apple/"
Pattern match: "http://egg.2ch.net/mendol/"
Pattern match: "http://fate.2ch.net/idol/"
Pattern match: "http://egg.2ch.net/geinoj/"
Pattern match: "http://egg.2ch.net/ainotane/"
Pattern match: "http://egg.2ch.net/zurui/"
Pattern match: "http://matsuri.2ch.net/morningcoffee/"
Pattern match: "http://fate.2ch.net/momoclo/"
Pattern match: "http://fate.2ch.net/babymetal/"
Pattern match: "http://krsw.2ch.net/exile/"
Pattern match: "http://egg.2ch.net/smap/"
Pattern match: "http://egg.2ch.net/jan/"
Pattern match: "http://egg.2ch.net/jr/"
Pattern match: "http://egg.2ch.net/jr2/"
Pattern match: "http://rosie.2ch.net/akb/"
Pattern match: "http://fate.2ch.net/akbsaloon/"
Pattern match: "http://lavender.2ch.net/uraidol/"
Pattern match: "http://fate.2ch.net/world48/"
Pattern match: "http://mevius.2ch.net/nogizaka/"
Pattern match: "http://rio2016.2ch.net/keyakizaka46/"
Pattern match: "http://rio2016.2ch.net/ske/"
Pattern match: "http://fate.2ch.net/sdn/"
Pattern match: "http://medaka.2ch.net/nmb/"
Pattern match: "http://krsw.2ch.net/hkt/"
Pattern match: "http://mao.2ch.net/ngt/"
Pattern match: "http://fate.2ch.net/stu/"
Pattern match: "http://krsw.2ch.net/teamcrerekko/"
Pattern match: "http://egg.2ch.net/netidol/"
Pattern match: "http://egg.2ch.net/indieidol/"
Pattern match: "http://egg.2ch.net/mj/"
Pattern match: "http://medaka.2ch.net/pachi/"
Pattern match: "http://medaka.2ch.net/pachij/"
Pattern match: "http://medaka.2ch.net/pachik/"
Pattern match: "http://medaka.2ch.net/slot/"
Pattern match: "http://medaka.2ch.net/slotj/"
Pattern match: "http://egg.2ch.net/slotk/"
Pattern match: "http://lavender.2ch.net/keiba/"
Pattern match: "http://medaka.2ch.net/uma/"
Pattern match: "http://mao.2ch.net/keirin/"
Pattern match: "http://medaka.2ch.net/kyotei/"
Pattern match: "http://mao.2ch.net/autorace/"
Pattern match: "http://mao.2ch.net/gamble/"
Pattern match: "http://mao.2ch.net/loto/"
Pattern match: "http://headline.2ch.net/bbygame1/"
Pattern match: "http://headline.2ch.net/bbygame2/"
Pattern match: "http://headline.2ch.net/bbygame3/"
Pattern match: "http://mevius.2ch.net/gsaloon/"
Pattern match: "http://medaka.2ch.net/gameover/"
Pattern match: "http://medaka.2ch.net/goveract/"
Pattern match: "http://medaka.2ch.net/goverrpg/"
Pattern match: "http://krsw.2ch.net/gamesm/"
Pattern match: "http://rosie.2ch.net/gamerpg/"
Pattern match: "http://krsw.2ch.net/ff/"
Pattern match: "http://medaka.2ch.net/gamesrpg/"
Pattern match: "http://mevius.2ch.net/gamerobo/"
Pattern match: "http://mevius.2ch.net/gal/"
Pattern match: "http://medaka.2ch.net/ggirl/"
Pattern match: "http://medaka.2ch.net/gamespo/"
Pattern match: "http://medaka.2ch.net/gamehis/"
Pattern match: "http://medaka.2ch.net/otoge/"
Pattern match: "http://matsuri.2ch.net/gamefight/"
Pattern match: "http://medaka.2ch.net/gamestg/"
Pattern match: "http://fate.2ch.net/gamef/"
Pattern match: "http://fate.2ch.net/touhou/"
Pattern match: "http://medaka.2ch.net/fly/"
Pattern match: "http://rosie.2ch.net/famicom/"
Pattern match: "http://egg.2ch.net/zgame/"
Pattern match: "http://medaka.2ch.net/retro/"
Pattern match: "http://medaka.2ch.net/retro2/"
Pattern match: "http://medaka.2ch.net/game90/"
Pattern match: "http://mevius.2ch.net/arc/"
Pattern match: "http://egg.2ch.net/rarc/"
Pattern match: "http://medaka.2ch.net/amusement/"
Pattern match: "http://medaka.2ch.net/gecen/"
Pattern match: "http://egg.2ch.net/game/"
Pattern match: "http://mao.2ch.net/gameama/"
Pattern match: "http://rio2016.2ch.net/gameswf/"
Pattern match: "http://medaka.2ch.net/cgame/"
Pattern match: "http://egg.2ch.net/tcg/"
Pattern match: "http://mevius.2ch.net/bgame/"
Pattern match: "http://medaka.2ch.net/gamestones/"
Pattern match: "http://medaka.2ch.net/quiz/"
Pattern match: "http://krsw.2ch.net/ghard/"
Pattern match: "http://fate.2ch.net/hunter/"
Pattern match: "http://medaka.2ch.net/gameurawaza/"
Pattern match: "http://medaka.2ch.net/gamechara/"
Pattern match: "http://medaka.2ch.net/gamemusic/"
Pattern match: "http://krsw.2ch.net/minecraft/"
Pattern match: "http://krsw.2ch.net/aimasu/"
Pattern match: "http://fate.2ch.net/yugioh/"
Pattern match: "http://krsw.2ch.net/pokego/"
Pattern match: "http://krsw.2ch.net/steam/"
Pattern match: "http://lavender.2ch.net/card/"
Pattern match: "http://krsw.2ch.net/handygame/"
Pattern match: "http://medaka.2ch.net/handygover/"
Pattern match: "http://mevius.2ch.net/handygrpg/"
Pattern match: "http://medaka.2ch.net/poke/"
Pattern match: "http://medaka.2ch.net/wifi/"
Pattern match: "http://medaka.2ch.net/rhandyg/"
Pattern match: "http://medaka.2ch.net/pokechara/"
Pattern match: "http://mao.2ch.net/mmonews/"
Pattern match: "http://medaka.2ch.net/mmoqa/"
Pattern match: "http://matsuri.2ch.net/ogame/"
Pattern match: "http://lavender.2ch.net/ogame2/"
Pattern match: "http://lavender.2ch.net/ogame3/"
Pattern match: "http://medaka.2ch.net/mmosaloon/"
Pattern match: "http://krsw.2ch.net/netgame/"
Pattern match: "http://mevius.2ch.net/mmo/"
Pattern match: "http://medaka.2ch.net/mmominor/"
Pattern match: "http://egg.2ch.net/pso/"
Pattern match: "http://egg.2ch.net/dqo/"
Pattern match: "http://egg.2ch.net/ffo/"
Pattern match: "http://lavender.2ch.net/asaloon/"
Pattern match: "http://rio2016.2ch.net/anime4vip/"
Pattern match: "http://rosie.2ch.net/anime/"
Pattern match: "http://matsuri.2ch.net/anime2/"
Pattern match: "http://mao.2ch.net/anime3/"
Pattern match: "http://fate.2ch.net/antianime/"
Pattern match: "http://mao.2ch.net/ranime/"
Pattern match: "http://mao.2ch.net/ranimeh/"
Pattern match: "http://medaka.2ch.net/animovie/"
Pattern match: "http://mao.2ch.net/anichara/"
Pattern match: "http://matsuri.2ch.net/anichara2/"
Pattern match: "http://medaka.2ch.net/cosp/"
Pattern match: "http://krsw.2ch.net/cosplayer/"
Pattern match: "http://rio2016.2ch.net/voice/"
Pattern match: "http://matsuri.2ch.net/voiceactor/"
Pattern match: "http://medaka.2ch.net/doujin/"
Pattern match: "http://rio2016.2ch.net/comiket/"
Pattern match: "http://medaka.2ch.net/csaloon/"
Pattern match: "http://fate.2ch.net/comic/"
Pattern match: "http://medaka.2ch.net/rcomic/"
Pattern match: "http://medaka.2ch.net/ymag/"
Pattern match: "http://matsuri.2ch.net/wcomic/"
Pattern match: "http://medaka.2ch.net/gcomic/"
Pattern match: "http://medaka.2ch.net/4koma/"
Pattern match: "http://medaka.2ch.net/cchara/"
Pattern match: "http://mao.2ch.net/sakura/"
Pattern match: "http://mao.2ch.net/eva/"
Pattern match: "http://medaka.2ch.net/cartoon/"
Pattern match: "http://medaka.2ch.net/iga/"
Pattern match: "http://mevius.2ch.net/bookall/"
Pattern match: "http://matsuri.2ch.net/magazin/"
Pattern match: "http://mevius.2ch.net/mystery/"
Pattern match: "http://mevius.2ch.net/sf/"
Pattern match: "http://rio2016.2ch.net/litechara/"
Pattern match: "http://mevius.2ch.net/zassi/"
Pattern match: "http://mevius.2ch.net/books/"
Pattern match: "http://rio2016.2ch.net/ebooks/"
Pattern match: "http://mevius.2ch.net/ehon/"
Pattern match: "http://mevius.2ch.net/juvenile/"
Pattern match: "http://mevius.2ch.net/illustrator/"
Pattern match: "http://krsw.2ch.net/idolmaster/"
Pattern match: "http://medaka.2ch.net/magicalgirls/"
Pattern match: "http://lavender.2ch.net/msaloon/"
Pattern match: "http://lavender.2ch.net/mjsaloon/"
Pattern match: "http://lavender.2ch.net/musicj/"
Pattern match: "http://lavender.2ch.net/musicjm/"
Pattern match: "http://lavender.2ch.net/musicjf/"
Pattern match: "http://mevius.2ch.net/musicjg/"
Pattern match: "http://rio2016.2ch.net/natsumeloj/"
Pattern match: "http://lavender.2ch.net/enka/"
Pattern match: "http://lavender.2ch.net/mesaloon/"
Pattern match: "http://lavender.2ch.net/musice/"
Pattern match: "http://matsuri.2ch.net/natsumeloe/"
Pattern match: "http://lavender.2ch.net/music/"
Pattern match: "http://rio2016.2ch.net/beatles/"
Pattern match: "http://egg.2ch.net/visual/"
Pattern match: "http://mevius.2ch.net/visualb/"
Pattern match: "http://lavender.2ch.net/dj/"
Pattern match: "http://lavender.2ch.net/disco/"
Pattern match: "http://lavender.2ch.net/randb/"
Pattern match: "http://lavender.2ch.net/punk/"
Pattern match: "http://lavender.2ch.net/hrhm/"
Pattern match: "http://lavender.2ch.net/hiphop/"
Pattern match: "http://lavender.2ch.net/techno/"
Pattern match: "http://lavender.2ch.net/progre/"
Pattern match: "http://matsuri.2ch.net/healmusic/"
Pattern match: "http://lavender.2ch.net/wmusic/"
Pattern match: "http://egg.2ch.net/reggae/"
Pattern match: "http://lavender.2ch.net/classic/"
Pattern match: "http://matsuri.2ch.net/fusion/"
Pattern match: "http://lavender.2ch.net/classical/"
Pattern match: "http://lavender.2ch.net/contemporary/"
Pattern match: "http://lavender.2ch.net/nika/"
Pattern match: "http://lavender.2ch.net/suisou/"
Pattern match: "http://matsuri.2ch.net/chorus/"
Pattern match: "http://lavender.2ch.net/doyo/"
Pattern match: "http://medaka.2ch.net/asong/"
Pattern match: "http://matsuri.2ch.net/soundtrack/"
Pattern match: "http://lavender.2ch.net/karaok/"
Pattern match: "http://lavender.2ch.net/legend/"
Pattern match: "http://lavender.2ch.net/minor/"
Pattern match: "http://matsuri.2ch.net/band/"
Pattern match: "http://lavender.2ch.net/compose/"
Pattern match: "http://matsuri.2ch.net/piano/"
Pattern match: "http://fate.2ch.net/hogaku/"
Pattern match: "http://rio2016.2ch.net/healing/"
Pattern match: "http://rio2016.2ch.net/jinsei/"
Pattern match: "http://rio2016.2ch.net/psy/"
Pattern match: "http://rio2016.2ch.net/body/"
Pattern match: "http://fate.2ch.net/keihatsu/"
Pattern match: "http://rio2016.2ch.net/stretch/"
Pattern match: "http://mao.2ch.net/handicap/"
Pattern match: "http://mao.2ch.net/cancer/"
Pattern match: "http://rio2016.2ch.net/nanbyou/"
Pattern match: "http://matsuri.2ch.net/infection/"
Pattern match: "http://mevius.2ch.net/hiv/"
Pattern match: "http://rio2016.2ch.net/atopi/"
Pattern match: "http://rio2016.2ch.net/hage/"
Pattern match: "http://mevius.2ch.net/pure/"
Pattern match: "http://mevius.2ch.net/furin/"
Pattern match: "http://mevius.2ch.net/gay/"
Pattern match: "http://mevius.2ch.net/utu/"
Pattern match: "http://mevius.2ch.net/break/"
Pattern match: "http://headline.2ch.net/bbymobile/"
Pattern match: "http://mao.2ch.net/pc2nanmin/"
Pattern match: "http://mevius.2ch.net/win/"
Pattern match: "http://mao.2ch.net/jobs/"
Pattern match: "http://egg.2ch.net/mac/"
Pattern match: "http://medaka.2ch.net/os/"
Pattern match: "http://mevius.2ch.net/desktop/"
Pattern match: "http://medaka.2ch.net/pc/"
Pattern match: "http://egg.2ch.net/notepc/"
Pattern match: "http://egg.2ch.net/jisaku/"
Pattern match: "http://medaka.2ch.net/printer/"
Pattern match: "http://mevius.2ch.net/hard/"
Pattern match: "http://mevius.2ch.net/cdr/"
Pattern match: "http://egg.2ch.net/software/"
Pattern match: "http://egg.2ch.net/mobile/"
Pattern match: "http://mevius.2ch.net/bsoft/"
Pattern match: "http://mevius.2ch.net/unix/"
Pattern match: "http://mevius.2ch.net/db/"
Pattern match: "http://mao.2ch.net/linux/"
Pattern match: "http://medaka.2ch.net/prog/"
Pattern match: "http://mevius.2ch.net/tech/"
Pattern match: "http://mevius.2ch.net/cg/"
Pattern match: "http://egg.2ch.net/dtm/"
Pattern match: "http://mevius.2ch.net/avi/"
Pattern match: "http://mevius.2ch.net/swf/"
Pattern match: "http://mevius.2ch.net/gamedev/"
Pattern match: "http://matsuri.2ch.net/i4004/"
Pattern match: "http://mevius.2ch.net/internet/"
Pattern match: "http://lavender.2ch.net/download/"
Pattern match: "http://mevius.2ch.net/hp/"
Pattern match: "http://mevius.2ch.net/affiliate/"
Pattern match: "http://mevius.2ch.net/hosting/"
Pattern match: "http://mao.2ch.net/mysv/"
Pattern match: "http://medaka.2ch.net/php/"
Pattern match: "http://mevius.2ch.net/hack/"
Pattern match: "http://medaka.2ch.net/sec/"
Pattern match: "http://mao.2ch.net/network/"
Pattern match: "http://fate.2ch.net/cryptocoin/"
Pattern match: "http://mevius.2ch.net/friend/"
Pattern match: "http://mao.2ch.net/isp/"
Pattern match: "http://mao.2ch.net/netspot/"
Pattern match: "http://medaka.2ch.net/nifty/"
Pattern match: "http://mevius.2ch.net/google/"
Pattern match: "http://mao.2ch.net/mmag/"
Pattern match: "http://rosie.2ch.net/nanmin/"
Pattern match: "http://mao.2ch.net/ad/"
Pattern match: "http://mevius.2ch.net/esite/"
Pattern match: "http://egg.2ch.net/streaming/"
Pattern match: "http://mao.2ch.net/mstreaming/"
Pattern match: "http://lavender.2ch.net/mdis/"
Pattern match: "http://mao.2ch.net/netradio/"
Pattern match: "http://mevius.2ch.net/blog/"
Pattern match: "http://egg.2ch.net/sns/"
Pattern match: "http://lavender.2ch.net/net/"
Pattern match: "http://rio2016.2ch.net/twwatch/"
Pattern match: "http://fate.2ch.net/watchbakusai/"
Pattern match: "http://egg.2ch.net/yahoo/"
Pattern match: "http://medaka.2ch.net/nntp/"
Pattern match: "http://fate.2ch.net/starwars/"
Pattern match: "http://matsuri.2ch.net/bobby/"
Pattern match: "http://egg.2ch.net/lobby/"
Pattern match: "http://matsuri.2ch.net/maru/"
Pattern match: "http://lavender.2ch.net/mog2/"
Pattern match: "http://matsuri.2ch.net/mukashi/"
Pattern match: "http://mevius.2ch.net/kitchen/"
Pattern match: "http://egg.2ch.net/tubo/"
Pattern match: "http://matsuri.2ch.net/joke/"
Pattern match: "http://egg.2ch.net/shugi/"
Pattern match: "http://egg.2ch.net/rights/"
Pattern match: "http://agree.2ch.net/anarchy/"
Pattern match: "http://mao.2ch.net/accuse/"
Pattern match: "http://mao.2ch.net/ranking/"
Pattern match: "http://egg.2ch.net/record/"
Pattern match: "http://rosie.2ch.net/siberia/"
Pattern match: "http://hebi.2ch.net/news4vip/"
Pattern match: "http://hayabusa9.2ch.net/news4viptasu/"
Pattern match: "http://leia.2ch.net/poverty/"
Pattern match: "http://fate.2ch.net/poverlution/"
Pattern match: "http://agree.2ch.net/news4anarchy/"
Pattern match: "http://egg.2ch.net/heaven4vip/"
Pattern match: "http://egg.2ch.net/neet4vip/"
Pattern match: "http://mao.2ch.net/aniki/"
Pattern match: "http://egg.2ch.net/frenchfry/"
Pattern match: "http://agree.2ch.net/anime8/"
Pattern match: "http://agree.2ch.net/book8/"
Pattern match: "http://agree.2ch.net/carcom8/"
Pattern match: "http://agree.2ch.net/comp8/"
Pattern match: "http://agree.2ch.net/food8/"
Pattern match: "http://agree.2ch.net/games8/"
Pattern match: "http://agree.2ch.net/img8/"
Pattern match: "http://agree.2ch.net/lang8/"
Pattern match: "http://agree.2ch.net/lounge8/"
Pattern match: "http://agree.2ch.net/music8/"
Pattern match: "http://agree.2ch.net/neet4vip8/"
Pattern match: "http://agree.2ch.net/vip8/"
Pattern match: "http://agree.2ch.net/newnew8/"
Pattern match: "http://agree.2ch.net/newpol8/"
Pattern match: "http://agree.2ch.net/prog8/"
Pattern match: "http://agree.2ch.net/poverty8/"
Pattern match: "http://agree.2ch.net/sci8/"
Pattern match: "http://agree.2ch.net/sjis8/"
Pattern match: "http://agree.2ch.net/sports8/"
Pattern match: "http://agree.2ch.net/tech8/"
Pattern match: "http://agree.2ch.net/tele8/"
Pattern match: "http://headline.2ch.net/bbyanarchy/"
Pattern match: "http://egg.2ch.net/sugiuraayano/"
Pattern match: "http://agree.2ch.net/akari/"
Pattern match: "http://hayabusa9.2ch.net/hayabusa8tr/"
Pattern match: "http://egg.2ch.net/matsumotorise/"
Pattern match: "http://egg.2ch.net/gorakubu/"
Pattern match: "http://himawari.2ch.net/himawari/"
Pattern match: "http://agree.2ch.net/mango/"
Pattern match: "http://info.2ch.net/?curid=2078"
Pattern match: "http://www.bbspink.com/"
Pattern match: "http://ronin.bbspink.com/"
Pattern match: "http://nyan.bbspink.com/"
Pattern match: "http://update.bbspink.com/"
Pattern match: "http://headline.2ch.net/bbypinkH0/"
Pattern match: "http://headline.2ch.net/bbypinkH1/"
Pattern match: "http://headline.2ch.net/bbypinkH2/"
Pattern match: "http://headline.2ch.net/bbypinkH3/"
Pattern match: "http://headline.2ch.net/bbypinkH4/"
Pattern match: "http://headline.2ch.net/bbypinkH5/"
Pattern match: "http://mercury.bbspink.com/hnews/"
Pattern match: "http://mercury.bbspink.com/pinkj/"
Pattern match: "http://mercury.bbspink.com/news4pink/"
Pattern match: "http://mercury.bbspink.com/pinkqa/"
Pattern match: "http://mercury.bbspink.com/sureh/"
Pattern match: "http://mercury.bbspink.com/erolive/"
Pattern match: "http://mercury.bbspink.com/xvideos/"
Pattern match: "http://mercury.bbspink.com/dmm/"
Pattern match: "http://phoebe.bbspink.com/hneta/"
Pattern match: "http://mercury.bbspink.com/pinkcafe/"
Pattern match: "http://mercury.bbspink.com/eromog2/"
Pattern match: "http://mercury.bbspink.com/ogefin/"
Pattern match: "http://mercury.bbspink.com/bishojo/"
Pattern match: "http://mercury.bbspink.com/dere/"
Pattern match: "http://phoebe.bbspink.com/801saloon/"
Pattern match: "http://phoebe.bbspink.com/pinknanmin/"
Pattern match: "http://mercury.bbspink.com/erobbs/"
Pattern match: "http://mercury.bbspink.com/housekeeping/"
Pattern match: "http://mercury.bbspink.com/ccc/"
Pattern match: "http://mercury.bbspink.com/yama/"
Pattern match: "http://mercury.bbspink.com/21oversea2/"
Pattern match: "http://phoebe.bbspink.com/hgame/"
Pattern match: "http://phoebe.bbspink.com/hgame2/"
Pattern match: "http://mercury.bbspink.com/erog/"
Pattern match: "http://mercury.bbspink.com/leaf/"
Pattern match: "http://phoebe.bbspink.com/gagame/"
Pattern match: "http://mercury.bbspink.com/adultsite/"
Pattern match: "http://mercury.bbspink.com/webmaster/"
Pattern match: "http://mercury.bbspink.com/avideo/"
Pattern match: "http://mercury.bbspink.com/avideo2/"
Pattern match: "http://mercury.bbspink.com/debut/"
Pattern match: "http://mercury.bbspink.com/nude/"
Pattern match: "http://mercury.bbspink.com/eroanime/"
Pattern match: "http://mercury.bbspink.com/erocomic/"
Pattern match: "http://mercury.bbspink.com/erodoujin/"
Pattern match: "http://mercury.bbspink.com/natuero/"
Pattern match: "http://mercury.bbspink.com/kgirls/"
Pattern match: "http://mercury.bbspink.com/erocosp/"
Pattern match: "http://mercury.bbspink.com/butler/"
Pattern match: "http://mercury.bbspink.com/maid/"
Pattern match: "http://mercury.bbspink.com/eroacademy/"
Pattern match: "http://mercury.bbspink.com/mcheck/"
Pattern match: "http://mercury.bbspink.com/couple/"
Pattern match: "http://mercury.bbspink.com/kageki/"
Pattern match: "http://mercury.bbspink.com/kageki2/"
Pattern match: "http://mercury.bbspink.com/onatech/"
Pattern match: "http://mercury.bbspink.com/loveho/"
Pattern match: "http://mercury.bbspink.com/adultgoods/"
Pattern match: "http://mercury.bbspink.com/adultaccessory/"
Pattern match: "http://mercury.bbspink.com/lovedoll/"
Pattern match: "http://mercury.bbspink.com/sm/"
Pattern match: "http://mercury.bbspink.com/feti/"
Pattern match: "http://mercury.bbspink.com/feet/"
Pattern match: "http://mercury.bbspink.com/armpits/"
Pattern match: "http://mercury.bbspink.com/uniform/"
Pattern match: "http://mercury.bbspink.com/eyes/"
Pattern match: "http://mercury.bbspink.com/glasses/"
Pattern match: "http://mercury.bbspink.com/swimsuit/"
Pattern match: "http://mercury.bbspink.com/hitozuma/"
Pattern match: "http://mercury.bbspink.com/mature/"
Pattern match: "http://mercury.bbspink.com/cougar/"
Pattern match: "http://mercury.bbspink.com/pregnant/"
Pattern match: "http://mercury.bbspink.com/senpai/"
Pattern match: "http://mercury.bbspink.com/sensei/"
Pattern match: "http://mercury.bbspink.com/mom/"
Pattern match: "http://mercury.bbspink.com/okama/"
Pattern match: "http://mercury.bbspink.com/gaypink/"
Pattern match: "http://mercury.bbspink.com/lesbian/"
Pattern match: "http://mercury.bbspink.com/brocon/"
Pattern match: "http://mercury.bbspink.com/siscon/"
Pattern match: "http://mercury.bbspink.com/eroaa/"
Pattern match: "http://mercury.bbspink.com/erochara/"
Pattern match: "http://mercury.bbspink.com/erochara2/"
Pattern match: "http://mercury.bbspink.com/801/"
Pattern match: "http://mercury.bbspink.com/futanari/"
Pattern match: "http://mercury.bbspink.com/erocg/"
Pattern match: "http://mercury.bbspink.com/eroparo/"
Pattern match: "http://mercury.bbspink.com/makeup/"
Pattern match: "http://mercury.bbspink.com/plastic/"
Pattern match: "http://phoebe.bbspink.com/ascii/"
Pattern match: "http://mercury.bbspink.com/ascii2d/"
Pattern match: "http://phoebe.bbspink.com/ascii2kana/"
Pattern match: "http://mercury.bbspink.com/girls/"
Pattern match: "http://mercury.bbspink.com/sportgirls/"
Pattern match: "http://phoebe.bbspink.com/club/"
Pattern match: "http://phoebe.bbspink.com/pub/"
Pattern match: "http://mercury.bbspink.com/host/"
Pattern match: "http://phoebe.bbspink.com/nuki/"
Pattern match: "http://phoebe.bbspink.com/soap/"
Pattern match: "http://mercury.bbspink.com/neet4pink/"
Pattern match: "http://phoebe.bbspink.com/cherryboy/"
Pattern match: "http://phoebe.bbspink.com/megami/"
Pattern match: "http://mercury.bbspink.com/livemegami/"
Pattern match: "http://phoebe.bbspink.com/meow/"
Pattern match: "http://phoebe.bbspink.com/mobpink/"
Pattern match: "http://phoebe.bbspink.com/3shuchaku/"
Pattern match: "http://mercury.bbspink.com/scat/"
Pattern match: "http://mercury.bbspink.com/bukkake/"
Pattern match: "http://mercury.bbspink.com/tentacle/"
Pattern match: "http://phoebe.bbspink.com/bbbb/" - source
- File/Memory
- relevance
- 10/10
-
Found potential URL in binary/memory
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
-
"<A HREF=http://egg.2ch.net/streaming/>YouTube</A><br>" (Indicator: "youtube")
"egg.2ch.netstreamingYouTube" (Indicator: "youtube") - source
- File/Memory
- relevance
- 7/10
-
Found a reference to a known community page
-
Unusual Characteristics
-
Found Delphi 4 - Delphi 2006 artifact
- details
- "b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe.bin" has a PE timestamp using the buggy magic timestamp 0x2A425E19.
- source
- Static Parser
- relevance
- 10/10
-
Matched Compiler/Packer signature
- details
- "b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe.bin" was detected as "BobSoft Mini Delphi -> BoB / BobSoft"
- source
- Static Parser
- relevance
- 10/10
-
Found Delphi 4 - Delphi 2006 artifact
File Details
Jane2ch - コピー.exe
- Filename
- Jane2ch - コピー.exe
- Size
- 3.6MiB (3726504 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7
- MD5
- cf7e9c0cda1572c41919799813447cf3
- SHA1
- 2f4b7734cb2310d3eea1b456cd11eb5e061db506
- ssdeep
- 49152:+97DpEG+Gk5GPXnkt60K3++Kw7BRm3o+XQYOWKGZq:+5XMl49BRm3o+ABHGk
- imphash
- 0175cec28d966141dfa50d5dfbba13e0
- authentihash
- 154aaec215cc8d433e4f4be0d0609f06a9c0949d8ebb31c987b502d0abfcb9b6
- Compiler/Packer
- BobSoft Mini Delphi -> BoB / BobSoft
- PDB Pathway
Version Info
- LegalCopyright
- Jane, Inc.
- InternalName
- Jane2ch.exe
- FileVersion
- 3.8.3.0
- CompanyName
- Jane, Inc.
- LegalTrademarks
- -
- Comments
- -
- ProductName
- Jane Style
- ProductVersion
- 3.83
- FileDescription
- 2ch
- OriginalFilename
- Jane2ch.exe
- Translation
- 0x0411 0x03a4
Classification (TrID)
- 39.1% (.EXE) InstallShield setup
- 37.8% (.EXE) Win32 EXE PECompact compressed (generic)
- 13.3% (.EXE) Win32 Executable Delphi generic
- 4.1% (.EXE) Win32 Executable (generic)
- 1.8% (.EXE) Win16/32 Executable Delphi generic
File Sections
Details | ||||||
---|---|---|---|---|---|---|
File Resources
Details | ||||
---|---|---|---|---|
File Imports
File Certificates
Certificate chain was successfully validated.
Download Certificate File (6.7KiB)Owner | Issuer | Validity | Hashes (MD5, SHA1) |
---|---|---|---|
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE | CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Serial: 40000000001154b5ac394 |
09/01/1998 13:00:00 01/28/2028 13:00:00 |
3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C |
CN=GlobalSign Timestamping CA - G2, O=GlobalSign nv-sa, C=BE | CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Serial: 400000000012f4ee152d7 |
04/13/2011 11:00:00 01/28/2028 13:00:00 |
95:C7:FF:05:1A:81:D4:5B:FA:80:B2:CA:4D:92:4F:A0 C0:E4:9D:2D:7D:90:A5:CD:42:7F:02:D9:12:56:94:D5:D6:EC:5B:71 |
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE | CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Serial: 400000000012f4ee1355c |
04/13/2011 11:00:00 04/13/2019 11:00:00 |
F8:A5:9A:1B:BE:4B:6D:90:06:29:16:1B:33:AB:21:B6 90:00:40:17:77:DD:2B:43:39:3D:7B:59:4D:2F:F4:CB:A4:51:6B:38 |
CN=GlobalSign TSA for MS Authenticode - G2, O=GMO GlobalSign Pte Ltd, C=SG | CN=GlobalSign Timestamping CA - G2, O=GlobalSign nv-sa, C=BE Serial: 112106a081d33fd87ae5824cc16b52094e03 |
02/03/2015 01:00:00 03/03/2026 01:00:00 |
F5:42:28:BB:F6:BD:67:C6:A5:50:95:79:26:76:4E:D4 B3:63:08:B4:D4:CD:ED:4F:CF:BD:66:B9:55:FA:E3:BF:B1:2C:29:E6 |
EMAILADDRESS=info@janesoft.net, CN="Jane, Inc.", O="Jane, Inc.", L=Osaka, ST=Osaka, C=JP | CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE Serial: 11217545833fe6184076c0e6945b7bcd5d6c |
07/04/2013 10:38:31 08/13/2015 08:49:51 |
FE:F9:EB:A9:94:A6:6D:A2:35:BF:D5:70:95:BD:79:96 4D:01:85:1E:AA:6C:8C:B5:86:F5:2E:B6:19:AA:42:DA:63:CB:D4:24 |
Screenshots
Loading content, please wait...
Hybrid Analysis
Tip: Click an analysed process below to view more details.
Analysed 3 processes in total (System Resource Monitor).
-
Input Sample
(PID: 3360)
-
iexplore.exe
-nohome
(PID: 3316)
- iexplore.exe SCODEF:3316 CREDAT:79873 (PID: 3392)
-
iexplore.exe
-nohome
(PID: 3316)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
api.2ch.net
OSINT |
104.20.50.205 |
TUCOWS, INC.
Organization: Race Queen, Inc Name Server: BEN.NS.CLOUDFLARE.COM Creation Date: Thu, 22 Jul 1999 08:39:48 GMT |
United States |
menu.2ch.net
OSINT |
104.20.50.205 |
TUCOWS, INC.
Organization: Race Queen, Inc Name Server: BEN.NS.CLOUDFLARE.COM Creation Date: Thu, 22 Jul 1999 08:39:48 GMT |
United States |
janesoft.net
OSINT |
219.94.155.244 |
TUCOWS DOMAINS INC.
Name Server: NS1.DNS.NE.JP Creation Date: Sat, 20 Dec 2008 00:00:00 GMT |
Japan |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
104.20.50.205 |
443
TCP |
<Input Sample> PID: 3360 |
United States |
219.94.155.244 |
80
TCP |
<Input Sample> PID: 3360 |
Japan |
104.20.50.205 |
80
TCP |
<Input Sample> PID: 3360 |
United States |
Contacted Countries
HTTP Traffic
Endpoint | Request | URL | |
---|---|---|---|
104.20.50.205:80 (menu.2ch.net) | GET | menu.2ch.net/bbsmenu.html | GET /bbsmenu.html HTTP/1.1
Connection: close
Host: menu.2ch.net
Accept: text/html, */*
Accept-Encoding: gzip
User-Agent: Monazilla/1.00 (JaneStyle/3.83) 200 OK More Details |
219.94.155.244:80 (janesoft.net) | GET | janesoft.net/janestyle/version.txt | GET /janestyle/version.txt HTTP/1.1
Connection: close
Host: janesoft.net
Accept: text/html, */*
Accept-Encoding: gzip
User-Agent: JaneStyle/3.83 200 OK More Details |
219.94.155.244:80 (janesoft.net) | GET | janesoft.net/janestyle/setting.php | GET /janestyle/setting.php HTTP/1.1
Connection: close
Host: janesoft.net
Accept: text/html, */*
Accept-Encoding: gzip
User-Agent: JaneStyle/3.83 200 OK More Details |
Memory Forensics
String | Context | Stream UID |
---|---|---|
http://www.amazon.co.jp/exec/obidos/external-search/?mode=blended&tag=janestyle-22&field-keywords= | Domain/IP reference | 27334-12867-005DB1F8 |
http://jbbs.shitaraba.net/ | Domain/IP reference | 27334-16912-005A04EC |
http://be.2ch.net | Domain/IP reference | 27334-13329-00621864 |
offlaw2.so | Domain/IP reference | 27334-2030-006467FC |
machibbs.com | Domain/IP reference | 27334-12145-00673E0C |
window.ad | Domain/IP reference | 27334-17399-005DE991 |
http://menu.2ch.net/bbsmenu.html | Domain/IP reference | 27334-12155-00671570 |
api.2ch.net/subject/ | Domain/IP reference | 27334-13492-006518C8 |
http://ime.st/ | Domain/IP reference | 27334-12545-005BE4F8 |
http://janesoft.net/janestyle/version.txt | Domain/IP reference | 27334-12222-005CF424 |
http://find.2ch.net/ | Domain/IP reference | 27334-10673-00638760 |
https://api.2ch.net/v1/auth/ | Domain/IP reference | 27334-1966-00670388 |
shitaraba.net | Domain/IP reference | 27334-12731-005CB5A8 |
read.so | Domain/IP reference | 27334-2707-006457CC |
ime.nu/ | Domain/IP reference | 27334-13470-0064AB68 |
http://nun.nu/?http:// | Domain/IP reference | 27334-12545-005BE4F8 |
be.2ch.net | Domain/IP reference | 27334-13484-00650420 |
jbbs.shitaraba.net/ | Domain/IP reference | 27334-12363-005A00C4 |
http://ime.nu/http:// | Domain/IP reference | 27334-12545-005BE4F8 |
http://jbbs.shitaraba.net/bbs/api/setting.cgi/ | Domain/IP reference | 27334-12939-005DF670 |
http://be.2ch.net/test/p.php?i= | Domain/IP reference | 27334-11985-0058D4F0 |
jbbs.shitaraba.net | Domain/IP reference | 27334-12145-00673E0C |
http://ime.nu/ | Domain/IP reference | 27334-12545-005BE4F8 |
http://janesoft.net/janestyle/setting.php | Domain/IP reference | 27334-12221-005CFF1C |
www.ime.st/ | Domain/IP reference | 27334-12729-005CAD8C |
jbbs.shitaraba.com | Domain/IP reference | 27334-12145-00673E0C |
http://img.2ch.net/ | Domain/IP reference | 27334-10676-0065CA08 |
http://be.2ch.net/index.php | Domain/IP reference | 27334-12698-0061BDAC |
http://info.2ch.net/ | Domain/IP reference | 27334-10673-00638760 |
read.pl | Domain/IP reference | 27334-2707-006457CC |
http://search.yahoo.co.jp/search?p | Domain/IP reference | 27334-13661-0068CCD4 |
127.0.0.1 | Domain/IP reference | 27334-10142-004E57AC |
2ch.net | Domain/IP reference | 27334-18490-006158BB |
https://api.2ch.net/v1/ | Domain/IP reference | 27334-13426-0063CF6C |
http://www.monazilla.org | Domain/IP reference | 27334-13393-0062F95C |
http://ff2ch.syoboi.jp/?q= | Domain/IP reference | 27334-12593-005B9250 |
bbspink.com | Domain/IP reference | 27334-12357-00612D7C |
http://premium.2ch.net/?id=janestyle | Domain/IP reference | 27334-25284-005DA7E2 |
http://jbbs.livedoor.jp/ | Domain/IP reference | 27334-12073-00636864 |
http://blog.bbspink.com/ | Domain/IP reference | 27334-10676-0065CA08 |
http://janesoft.net/janestyle/ | Domain/IP reference | 27334-12632-005BEB7C |
jbbs.livedoor.com | Domain/IP reference | 27334-12145-00673E0C |
api.2ch.net | Domain/IP reference | 27334-1008-0066E56C |
http://janesoft.net/janestyle | Domain/IP reference | 27334-13393-0062F95C |
http://ff2ch.syoboi.jp/ | Domain/IP reference | 27334-12594-005B9590 |
img.2ch.net/ | Domain/IP reference | 27334-1676-00642F00 |
machi.to | Domain/IP reference | 27334-12145-00673E0C |
jbbs.livedoor.jp | Domain/IP reference | 27334-12145-00673E0C |
info.2ch.net | Domain/IP reference | 27334-12269-00637FA0 |
http://jbbs.shitaraba.net/internet/8173/ | Domain/IP reference | 27334-12967-005DD4CC |
https://2chv.tora3.net/futen.cgi | Domain/IP reference | 27334-2003-00670964 |
Extracted Strings
Extracted Files
-
Informative 9
-
-
RecoveryStore.{DE313D83-AF23-11E7-B22D-0A002745ABDE}.dat
- Size
- 5KiB (5120 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3316)
- MD5
- 38f5b4679795e1117b37d8c8358c7a7f
- SHA1
- 69a90b226959657b617695abf365c44ab28a080d
- SHA256
- 2ba8ba7d2542423c73a396845c59d3b2f70f78ec0b3eb07f2db52f15719b107f
-
{DE313D84-AF23-11E7-B22D-0A002745ABDE}.dat
- Size
- 4KiB (4096 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3316)
- MD5
- 7a200afdad915bce884780c824a50d10
- SHA1
- fda018011b6cf43b8f850a71b8bb4826390f8f04
- SHA256
- 44fa949e5d1d31f1ebc368a3779f96b764df83937431aed8954a542531813ea5
-
ImageView.ini
- Size
- 1.3KiB (1356 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe (PID: 3360)
- MD5
- 5172f3978a5b9ecfcb5c7247e3184441
- SHA1
- 9ff62cff3f908640e0cbb9a77e4976f2d03ef627
- SHA256
- 600b40df2607b41104226d988ce5b2bf5cfdfed062b4ed4d203fdc0255b436eb
-
bbsmenu.dat
- Size
- 61KiB (62195 bytes)
- Type
- html
- Description
- HTML document, Non-ISO extended-ASCII text, with LF, NEL line terminators
- Runtime Process
- b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe (PID: 3360)
- MD5
- bc98eeaac07758d6e65df48fcbc14315
- SHA1
- 5ead2a85672894e8aff14c16840344b3bd678b99
- SHA256
- 66ec85d9928f2d1bdb9506b7e2f63786aa0573c21235a7351d00eaf08b2a60c1
-
bbsmenu.idx
- Size
- 36B (36 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe (PID: 3360)
- MD5
- 6764ea0388dee710d51b49435c1b41a8
- SHA1
- 206782b114d0997342154de0b519e9c2f1b0320c
- SHA256
- a23bc8c76cbf61ebbd0c46459d7591b09189cec5480fdd9835f3ec0a460b4da9
-
attrib.ini
- Size
- 405B (405 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe (PID: 3360)
- MD5
- 0345c0ef5f804e8e63a358c79aa1b76c
- SHA1
- 069eedc96d219caf243e26aec6d5513ba72d8e3a
- SHA256
- 38f4f04bfb512f606f594d2096403fefa774f7a8e32bb79589f0697276ee4928
-
b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.ini
- Size
- 8.8KiB (9054 bytes)
- Type
- text
- Description
- Non-ISO extended-ASCII text, with CRLF, LF, NEL line terminators
- Runtime Process
- b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe (PID: 3360)
- MD5
- b42673d1614bbbce774b8ec9bba2c99b
- SHA1
- bb056aaf7490f12ed1e24b777ec98e5cda932c6a
- SHA256
- 2724fbca88383deea413fc2a77597c37b89fe2803c6f8c18b39a80bf02068616
-
favorites.dat
- Size
- 103B (103 bytes)
- Type
- text
- Description
- Non-ISO extended-ASCII text, with CRLF line terminators
- Runtime Process
- b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe (PID: 3360)
- MD5
- 8dfb7df726fde78b83e8d62b7b7dd829
- SHA1
- 12e9f58108f9676097096eea820f829ead5215dd
- SHA256
- b203935bc8c6fa3c41f5bcee89334ef0655459ca48b112ef5127ca6a006cfe7f
-
jane2ch.brd
- Size
- 36KiB (36557 bytes)
- Type
- text
- Description
- Non-ISO extended-ASCII text, with CRLF, NEL line terminators
- Runtime Process
- b3ef97d53ff9ae1372e15dc3489aa190000b2b9274e4dd7a7535ef1ff8bfe0f7.exe (PID: 3360)
- MD5
- 0324d28e5aba780af650e3808fcf5146
- SHA1
- 2c984ce38318664fb704a1082e2b6ba47d9f34e8
- SHA256
- d0cf657b34afa5290e8f8c74eabd00487b3e6fa6ea0b2de56a22cccec4ddb8c7
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Not all IP/URL string resources were checked online
- Not all sources for signature ID "api-55" are available in the report
- Not all sources for signature ID "hooks-8" are available in the report
- Not all sources for signature ID "mutant-0" are available in the report
- Not all sources for signature ID "registry-17" are available in the report
- Not all sources for signature ID "registry-18" are available in the report
- Not all sources for signature ID "registry-19" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)