0.8
Low risk

02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209

02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe

Analysis duration

17s

Last analyzed

395 days ago

File size

90.6KB
Static detection Dynamic detection UNKNOWN
Hawkeye engine
DACN 0.14
FACILE 1.00
IMCLNet 0.77
MFGraph 0.00
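Static verdict
Antivirus engines
Not scanned. No antivirus engine results available yet.
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (50 events)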
file C:\Windows\Temp\Xbox.info.exe
file C:\Windows\Temp\Windows XP serial generator.exe
file C:\Windows\Temp\Macromedia key generator (all products).exe
file C:\Windows\Temp\ZoneAlarm Firewall Full Downloader.exe
file C:\Windows\Temp\Winrar + crack.exe
file C:\Windows\Temp\ScaryMovie 2 Full Downloader.exe
file C:\Windows\Temp\SIMS FullDownloader.exe
file C:\Windows\Temp\Quake 4 BETA.exe
file C:\Windows\Temp\Windows XP Full Downloader.exe
file C:\Windows\Temp\DivX.exe
file C:\Windows\Temp\MSN Password Hacker and Stealer.exe
file C:\Windows\Temp\LordOfTheRings-FullDownloader.exe
file C:\Windows\Temp\[DiVX] Harry Potter And The Sorcerors Stone Full Downloader.exe
file C:\Windows\Temp\Star Wars Episode 2 - Attack Of The Clones Full Downloader.exe
file C:\Windows\Temp\Key generator for all windows XP versions.exe
file C:\Windows\Temp\Jenna Jameson - Built For Speed Downloader.exe
file C:\Windows\Temp\StarWars2 - CloneAttack - FullDownloader.exe
file C:\Windows\Temp\Britney spears nude.exe
file C:\Windows\Temp\KaZaA media desktop v2.0 UNOFFICIAL.exe
file C:\Windows\Temp\DSL Modem Uncapper.exe
file C:\Windows\Temp\Battle.net key generator (WORKS!!).exe
file C:\Windows\Temp\Half-life ONLINE key generator.exe
file C:\Windows\Temp\Cat Attacks Child Full Downloader.exe
file C:\Windows\Temp\Macromedia Flash 5.0 Full Downloader.exe
file C:\Windows\Temp\Borland Delphi 6 Key Generator.exe
file C:\Windows\Temp\AIM Account Stealer Downloader.exe
file C:\Windows\Temp\Star wars episode 2 downloader.exe
file C:\Windows\Temp\Shakira FullDownloader.exe
file C:\Windows\Temp\Winzip 8.0 + serial.exe
file C:\Windows\Temp\Spiderman FullDownloader.exe
file C:\Windows\Temp\Grand theft auto 3 CD1 crack.exe
file C:\Windows\Temp\Windows XP key generator.exe
file C:\Windows\Temp\Sony Play station boot disc - Downloader.exe
file C:\Windows\Temp\Hacking Tool Collection.exe
file C:\Windows\Temp\PS1 Boot Disc Full Dwonloader.exe
file C:\Windows\Temp\Microsoft key generator, works for ALL microsoft products!!.exe
file C:\Windows\Temp\AikaQuest3Hentai FullDownloader.exe
file C:\Windows\Temp\MoviezChannelsInstaler.exe
file C:\Windows\Temp\[DiVX] Lord of The Rings Full Downloader.exe
file C:\Windows\Temp\Half-life WON key generator.exe
file C:\Windows\Temp\Gladiator FullDownloader.exe
file C:\Windows\Temp\How To Hack Websites.exe
file C:\Windows\Temp\Internet and Computer Speed Booster.exe
file C:\Windows\Temp\Warcraft 3 ONLINE key generator.exe
file C:\Windows\Temp\Microsoft Windows XP crack pack.exe
file C:\Windows\Temp\Hack into any computer!!.exe
file C:\Windows\Temp\Zidane-ScreenInstaler.exe
file C:\Windows\Temp\Warcraft 3 battle.net serial generator.exe
file C:\Windows\Temp\GTA3 crack.exe
file C:\Windows\Temp\CKY3 - Bam Margera World Industries Alien Workshop Full Downloader.exe
The binary likely contains encrypted or compressed data, indicating the use of a packer (2 events)
section {'name': 'MIZwSMcb', 'virtual_address': '0x00019000', 'virtual_size': '0x0000e000', 'size_of_data': '0x0000e000', 'entropy': 7.876634655464009} entropy 7.876634655464009 description A section with high entropy was found
entropy 0.9824561403508771 description The overall entropy of this PE file is high
Screenshots
No screenshots available. The sample generated no screenshots during execution.


PE Compile Time

1992-06-20 06:22:17

PE Imphash

0e836bd3be54eeeafd05573d50eaca49

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
ukiwGhLB 0x00001000 0x00018000 0x00000000 0.0
MIZwSMcb 0x00019000 0x0000e000 0x0000e000 7.876634655464009
.rsrc 0x00027000 0x00001000 0x00000400 2.9472922041417076

Resources

Name Offset Size Language Sub-language File type
RT_STRING 0x00024018 0x000002b4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00024018 0x000002b4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00024018 0x000002b4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00024018 0x000002b4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00024018 0x000002b4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00024018 0x000002b4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00024018 0x000002b4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x000242dc 0x000000b4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x000242dc 0x000000b4 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library advapi32.dll:
0x42727c RegCloseKey
Library KERNEL32.DLL:
0x427284 LoadLibraryA
0x427288 ExitProcess
0x42728c GetProcAddress
0x427290 VirtualProtect
Library oleaut32.dll:
0x427298 VariantCopy
Library user32.dll:
0x4272a0 CharNextA


Process Tree


02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe, PID: 2064, Parent PID: 628


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 74c4ef24dd23f96b_[divx] harry potter and the sorcerors stone full downloader.exe
Filepath C:\Windows\Temp\[DiVX] Harry Potter And The Sorcerors Stone Full Downloader.exe
Size 90.7KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c0bdb55d3756218be7a80296f91c7849
SHA1 2602f9a451e0d5ea66c544985b77633bcfb4c23e
SHA256 74c4ef24dd23f96bfe9d7fdc619cf04c2fd0df869a995592d5dbb0e9221a886d
CRC32 51A6D5D0
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name a353d1a4b357a2a9_borland delphi 6 key generator.exe
Filepath C:\Windows\Temp\Borland Delphi 6 Key Generator.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 23ad46eb4d523d152cf72d9e80da43f6
SHA1 e02fcf8102bd00976cb7b09b76dd6ebb7b251345
SHA256 a353d1a4b357a2a944664bd7c84edb43c4bf4155ce1e8fd5a84da69204d5e928
CRC32 C6733424
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 3b1f0a85178d07bb_sims fulldownloader.exe
Filepath C:\Windows\Temp\SIMS FullDownloader.exe
Size 91.0KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6356fe9fc0ccbee0ddc3f0e0890f5f06
SHA1 079e21258141d4e9f353b45b0286e4cfeafe00ca
SHA256 3b1f0a85178d07bb6fae9cf14e8c43e4dba01fe7eaa6cb703d51908294795c1a
CRC32 214E7710
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 7b9a958d1e0b3447_sony play station boot disc - downloader.exe
Filepath C:\Windows\Temp\Sony Play station boot disc - Downloader.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 573f1ef2bc7ce0a9f0e9f1a73825275d
SHA1 b227bb8d9c4b10cf5b6c6fb667b522a18e6191f9
SHA256 7b9a958d1e0b34473a31a44e6e5b0d41284551488d96fec08b3c9bb48dee406a
CRC32 22BF5F69
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name efb972120fb455c4_britney spears nude.exe
Filepath C:\Windows\Temp\Britney spears nude.exe
Size 91.1KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0c261a90476e846d335adccf6134cb51
SHA1 6c6b10ff638958d910cd77428af05bb77c9c4e48
SHA256 efb972120fb455c4943367b014d2641992e2476e2497e2ac9c010a0aebf1b829
CRC32 B7292960
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 52d85885b1dcd781_winrar + crack.exe
Filepath C:\Windows\Temp\Winrar + crack.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cd66b2ba9a800a9a603461056e1f0c8c
SHA1 53674a32ca50279bf04b79097752224ae5f05a7f
SHA256 52d85885b1dcd781ceeaa48945c0d363109d2e17a3752ccdd7829168625edb2b
CRC32 F2BAF709
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 667fe558ccb04af3_gta3 crack.exe
Filepath C:\Windows\Temp\GTA3 crack.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d825d59233d42b510f5634e6299ea977
SHA1 ba4812be48113cf13f3b32e2756f4b2ae5355cb3
SHA256 667fe558ccb04af38222adb24bec7407a159c5a19323ef1973e03fbc2dbc71e5
CRC32 35E239B6
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9045c510130c41e9_battle.net key generator (works!!).exe
Filepath C:\Windows\Temp\Battle.net key generator (WORKS!!).exe
Size 91.0KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c66420b720009c25a9d448d40522a292
SHA1 a3f2e36ca42691914b116e6abcd4abd0723fdfd4
SHA256 9045c510130c41e9c64b31a974dd8aafed462c28654395eb73855dda226f6da6
CRC32 7974B326
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 486d69dd886f2459_internet and computer speed booster.exe
Filepath C:\Windows\Temp\Internet and Computer Speed Booster.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cc8ba772c2b2ddd2b34b912871414d6d
SHA1 d1b28d48033bbe1090cdfc1ce2c70495501cd800
SHA256 486d69dd886f2459061f9edaa7a450d2a797e40f7e3cbbe543ad4758c1f67592
CRC32 4F1A55B7
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 056e79f474d0846d_hacking tool collection.exe
Filepath C:\Windows\Temp\Hacking Tool Collection.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 23a17f6751cea1da585c21d498296b21
SHA1 158bb51ff4bf613f43ff6597c7f3aa9c14c6b054
SHA256 056e79f474d0846da2fb6684f3697dc80b680c13d4f67ce00f3dec2301d4596d
CRC32 91C1797B
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 81872bf36ac1b8fb_starwars2 - cloneattack - fulldownloader.exe
Filepath C:\Windows\Temp\StarWars2 - CloneAttack - FullDownloader.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c0a13ac5e5eea4c760c750f6531f0a50
SHA1 add880370c7a11b74d495f8e697b1a9db6c9d0fc
SHA256 81872bf36ac1b8fb31339bf257a50745d149fa36e5b4fba72aa7d6b5b48382c9
CRC32 7873D3B2
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 57c4491df610dc17_zonealarm firewall full downloader.exe
Filepath C:\Windows\Temp\ZoneAlarm Firewall Full Downloader.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 363b3c6f3b523cd56ab443c9bf1eb470
SHA1 1ff53b7252794ceb0b9fec745a13ded9028e05bd
SHA256 57c4491df610dc178afb001c32c2238f6e73a0127ef8a3e6eb457b54d5fd9c84
CRC32 7BC6320D
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name c52b45c8f4e6533f_spiderman fulldownloader.exe
Filepath C:\Windows\Temp\Spiderman FullDownloader.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fa1ec797abac56364f4a2e0a68d2f2ef
SHA1 9c035e403703dc27aca62fa5b2dadde41d7c13fe
SHA256 c52b45c8f4e6533f6c1755f1136052eed1ddb368b4ddd42656d151170abcc687
CRC32 0F68EA05
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 80e8ee30ca6d8ebd_half-life online key generator.exe
Filepath C:\Windows\Temp\Half-life ONLINE key generator.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 06773376aec755f308162de3df2e00cd
SHA1 352b393b25fd175ed4895873a5d40c8c1baddaa0
SHA256 80e8ee30ca6d8ebd1b48880c6c6e82f3d71b93664aa17da935f5d2fba58774e0
CRC32 9C7C1F39
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9942fa039effee9b_moviezchannelsinstaler.exe
Filepath C:\Windows\Temp\MoviezChannelsInstaler.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6fd5be4a471d1de0f0d0286bfa4c5d55
SHA1 6fdac42323e8861dca5c253adef541e946ff6dcc
SHA256 9942fa039effee9bd35fbc80bb254a63132ffd0856f15618d65154328f7ebc4e
CRC32 E91D834C
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 634a3a516fdc88c0_quake 4 beta.exe
Filepath C:\Windows\Temp\Quake 4 BETA.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 09a42757cfa5e616ead153f2b0e26c50
SHA1 3d1b047d9ed765e97a11196e54340f0a6f0b8f48
SHA256 634a3a516fdc88c0260357888427aa93d10c6cf0e53617646a8e0d21703c1e12
CRC32 D476B9CD
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name d942b353d2910c54_windows xp full downloader.exe
Filepath C:\Windows\Temp\Windows XP Full Downloader.exe
Size 91.0KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7897bb86db2a3a8660b0b652a0f06903
SHA1 b10cfabbfa9a0c3c197199e8c8f4bc4fdd375c99
SHA256 d942b353d2910c54071141a9eeeb0570a562ec7ae336ed652fc1f7161ad5c045
CRC32 896659B7
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name ebd67a0a9118aaad_zidane-screeninstaler.exe
Filepath C:\Windows\Temp\Zidane-ScreenInstaler.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e43548fe7f80af14ceeb4669e81d55d8
SHA1 4a84f9ef7a9737771c2380ecc968e8f2bc6cf0da
SHA256 ebd67a0a9118aaad189f368e8239b0d343bf4d959f66dc7375c05f504d17ed22
CRC32 1D79F1D1
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 902e7fc98d1979dd_kazaa media desktop v2.0 unofficial.exe
Filepath C:\Windows\Temp\KaZaA media desktop v2.0 UNOFFICIAL.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 68107751e62bb4cb469ed3af4f556610
SHA1 0538b533a7ffb1bb67f50a7f152ebf4a35526586
SHA256 902e7fc98d1979ddb041ab2348d5c7ee4ea69e7a58e0e5092787c0cd88ecaf82
CRC32 CFD56ABF
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 174b07ab49ad71df_ps1 boot disc full dwonloader.exe
Filepath C:\Windows\Temp\PS1 Boot Disc Full Dwonloader.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7f2d85b762a6f5e4d3732e8972b18957
SHA1 3cc7967b7a1e06a514dc646d29e8c8b11dfbce3b
SHA256 174b07ab49ad71df4f2ae2619accc1068bd179a267c5dc868f6e69aeb5c7e21a
CRC32 3CFE3456
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name f25c2b410e6446be_cky3 - bam margera world industries alien workshop full downloader.exe
Filepath C:\Windows\Temp\CKY3 - Bam Margera World Industries Alien Workshop Full Downloader.exe
Size 91.0KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 81c05773c55851b30827d0e52fd37603
SHA1 5778ce1ad327ed01d8b4114ac1c313fd576a0a9c
SHA256 f25c2b410e6446bee42b286a8d45e27cde0715544278af2a019da272044e00bf
CRC32 F5E9D52E
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9dbbb60424652f2a_macromedia flash 5.0 full downloader.exe
Filepath C:\Windows\Temp\Macromedia Flash 5.0 Full Downloader.exe
Size 90.7KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2cbd1a0e83bbfd2612465409f543424c
SHA1 34f6363e76f18ccda3e006147e8d0c9c7b5b295f
SHA256 9dbbb60424652f2a79cefe48a5605ef11810627bd862e818074bfb91cea55f9c
CRC32 79D2001C
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name bc2d7ce8496d15e8_star wars episode 2 downloader.exe
Filepath C:\Windows\Temp\Star wars episode 2 downloader.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0c0980790c098f99c8ee7937ee4f8905
SHA1 b712f2bcd2f7389eb17db5abd8ff23117f957ae3
SHA256 bc2d7ce8496d15e8d0772fe0a8f8cd64348451433f0405bc2ddbf5e563977bda
CRC32 B582BFB0
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name a71e93642952c240_half-life won key generator.exe
Filepath C:\Windows\Temp\Half-life WON key generator.exe
Size 91.0KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a87cb23f8ced3eb8fdff6787c5531801
SHA1 412d86ee4e594b756170d957c611db1ebc5ecd8c
SHA256 a71e93642952c240e433a9ed0d318f85838e80fb5e021452d1fc5249f107ca31
CRC32 5E224321
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 93b58718935e5398_microsoft windows xp crack pack.exe
Filepath C:\Windows\Temp\Microsoft Windows XP crack pack.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 777c1679bd0b6418a5e16384e666073c
SHA1 89343f024abc72a0ce8d4c244d64aa966fb5a174
SHA256 93b58718935e53986a0cfa678c15fe127ec60c258d9a733fc077b89ad41a050e
CRC32 0A00ACBD
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name c96bd32bc5b6dfea_warcraft 3 online key generator.exe
Filepath C:\Windows\Temp\Warcraft 3 ONLINE key generator.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 75327104677c98a79c01c7d3e765b933
SHA1 ea6cd5515b4f9d0d6da80baf116e4c58d0ae56b0
SHA256 c96bd32bc5b6dfeaf719ea9bcfdfd5fee4a00748335a335ff30c9bac255d6c4e
CRC32 47D4E450
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 603ad3b08d4abbbf_gladiator fulldownloader.exe
Filepath C:\Windows\Temp\Gladiator FullDownloader.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 674edf205bd76be575ff4b222022258a
SHA1 0b3f26aa95f764146e40b4d4a8a2b0ec6872801a
SHA256 603ad3b08d4abbbfc9f43d27e102944cd71e7af8dd158ce9cbdb84abb61726de
CRC32 C3510DD8
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 94bff95d923464c6_xbox.info.exe
Filepath C:\Windows\Temp\Xbox.info.exe
Size 90.7KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cf754b4b508cea73082d49559836ed6c
SHA1 442ab6a559b59c4801459900b2d8d19a5e38e0c2
SHA256 94bff95d923464c60138e860a870c9e63df6ff71579af3c4227e3f8caef22a16
CRC32 803DA336
ssdeep None
Yara None matched
Name a131e7449478ab99_key generator for all windows xp versions.exe
Filepath C:\Windows\Temp\Key generator for all windows XP versions.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6facc709b687ed676abd9d6957d90a2e
SHA1 98dc6cbf72f00fde3ddb6ce6ec0225389903b916
SHA256 a131e7449478ab998ba134469ee99c591f0a471cee93f71229616ea9f74b057e
CRC32 6CAD47FF
ssdeep None
Yara None matched
Name 0997386403b8dc2c_windows xp serial generator.exe
Filepath C:\Windows\Temp\Windows XP serial generator.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cba93ca22ae353d7b9b33bedab5c4673
SHA1 f38dd67881153d5b736443c6aeb504b3068fcda5
SHA256 0997386403b8dc2cc22a2742c1bbdc0230c00cfe9d3b51be9c419eb63c53d544
CRC32 C261AACF
ssdeep None
Yara None matched
Name 205a1506743e22a9_cat attacks child full downloader.exe
Filepath C:\Windows\Temp\Cat Attacks Child Full Downloader.exe
Size 91.0KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a041775b3d40320e6906e6bfeda77cf9
SHA1 7c6e0526f1aa719e148b64c5ce277ac746fc059c
SHA256 205a1506743e22a99fdbde8d07f0b1ab20704685d00dc29528405690f5533517
CRC32 2E464E6F
ssdeep None
Yara None matched
Name 51e1c1482d9fd12a_aikaquest3hentai fulldownloader.exe
Filepath C:\Windows\Temp\AikaQuest3Hentai FullDownloader.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b83ae00fab8c0e71949dac5ee1ee8973
SHA1 f3a0e5c1d46e6b88bfadeeca4d6fa45ad3acc533
SHA256 51e1c1482d9fd12ae68a780ee730248a366a5f9a25473f3af47847733682063c
CRC32 89B5B9D7
ssdeep None
Yara None matched
Name 5607b7fd107402b2_microsoft key generator, works for all microsoft products!!.exe
Filepath C:\Windows\Temp\Microsoft key generator, works for ALL microsoft products!!.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1daae7aad6ccce5eb099274513d23d7e
SHA1 1126266e9cc170113eb4c2b1b2436c73f9112751
SHA256 5607b7fd107402b2f2696494d72b422f8996f61493b28d650ffdd4fc7e28b34a
CRC32 701D2838
ssdeep None
Yara None matched
Name 165afc25095f415b_grand theft auto 3 cd1 crack.exe
Filepath C:\Windows\Temp\Grand theft auto 3 CD1 crack.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2fd0b908c8561f5926ea5de76ac3c25c
SHA1 c36062ceb9d7342d9ad948935e69ad632ca6eaea
SHA256 165afc25095f415ba630cb44234cf0f7806c2c59698b68ff9267feed78ee3658
CRC32 5282DB7B
ssdeep None
Yara None matched
Name a6693b0c2ec9ac0c_star wars episode 2 - attack of the clones full downloader.exe
Filepath C:\Windows\Temp\Star Wars Episode 2 - Attack Of The Clones Full Downloader.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 70675560d467a82aad52b077067c7129
SHA1 08458c56515fdc8b6506d9de5e8201b3af8090ff
SHA256 a6693b0c2ec9ac0cea98525c976c39d41cee368c3123a0fcb4783f02e8bab94e
CRC32 FE372160
ssdeep None
Yara None matched
Name e681d7ffb883d460_dsl modem uncapper.exe
Filepath C:\Windows\Temp\DSL Modem Uncapper.exe
Size 90.7KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dde2672f249c5e362dc65033295555a9
SHA1 60d4e530e6f876d58a0bfc0eaf0422237dde2408
SHA256 e681d7ffb883d4603d56b73a9fbece553a27cc23b16f82eb53292a0396c8b6e7
CRC32 2155F2A3
ssdeep None
Yara None matched
Name c5eea1a4b2e609ad_lordoftherings-fulldownloader.exe
Filepath C:\Windows\Temp\LordOfTheRings-FullDownloader.exe
Size 90.7KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b4723f2e6137c736ea2395aef034b754
SHA1 9ab868b7eebef33ad7d39a21b0decf52eb67b316
SHA256 c5eea1a4b2e609ad4464d397abd89126673cfa6f61824afa5eeccd9cf774481e
CRC32 B15E65E8
ssdeep None
Yara None matched
Name b3188e7f1c5e4bf4_jenna jameson - built for speed downloader.exe
Filepath C:\Windows\Temp\Jenna Jameson - Built For Speed Downloader.exe
Size 91.0KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4ae122158a3a501ea5c9fedbf280f122
SHA1 f9248b6a894b95d7fe7d3e9a0669ef7d0985490c
SHA256 b3188e7f1c5e4bf4f318fd37aa5bc8077572e10cd3b765e16360822e640cacc1
CRC32 2CAD7CD4
ssdeep None
Yara None matched
Name e847f79657cc7c89_msn password hacker and stealer.exe
Filepath C:\Windows\Temp\MSN Password Hacker and Stealer.exe
Size 91.0KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fe90d60dafe33c63c39ac7f7d2cb1b17
SHA1 82be1b54d669227e8d510f2a611408de8b3b7d31
SHA256 e847f79657cc7c893c6bec21cac7eadac0eabf47790ebb01817b4821482a0c75
CRC32 664487CF
ssdeep None
Yara None matched
Name 82549febb96846f1_winzip 8.0 + serial.exe
Filepath C:\Windows\Temp\Winzip 8.0 + serial.exe
Size 90.8KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 575cf6da03770f950361ca0830dc22ca
SHA1 8836f48d12fcc23d0bcc566d61907eeec1e61c5a
SHA256 82549febb96846f19f4d0827db1d14e5da4b28164650ca84695dc29f25de5628
CRC32 BB65DC59
ssdeep None
Yara None matched
Name d2d72aa3d568b890_windows xp key generator.exe
Filepath C:\Windows\Temp\Windows XP key generator.exe
Size 90.7KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 776b082baddbceb64e1ac4d795ce95d7
SHA1 4c7a2c493160c3c9caf0c6be63a450d72fb7d5ae
SHA256 d2d72aa3d568b89092a50908bdb8d2acf9828ca084ad3985db242f8437a12ba3
CRC32 0C5037F1
ssdeep None
Yara None matched
Name 6e3550fd4827c7bc_shakira fulldownloader.exe
Filepath C:\Windows\Temp\Shakira FullDownloader.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cf8b01143604e516445697ca25017e7a
SHA1 baff330b19776ec6f60bcf62f9c2808354e585da
SHA256 6e3550fd4827c7bcd96e5f271e76fad6fe909dedbdc0988422e3566d60810a63
CRC32 D23A371D
ssdeep None
Yara None matched
Name 6569fe9c80f14d24_[divx] lord of the rings full downloader.exe
Filepath C:\Windows\Temp\[DiVX] Lord of The Rings Full Downloader.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 37253b8b47adaaab33209ff675316cd0
SHA1 6536691b0e6e8980f86961a6a082c4388c494d45
SHA256 6569fe9c80f14d24252ae72142554bcea7fbf16bd3be95739d8670f9e98886bb
CRC32 0CD5DC0F
ssdeep None
Yara None matched
Name 26c9d300ab673787_macromedia key generator (all products).exe
Filepath C:\Windows\Temp\Macromedia key generator (all products).exe
Size 91.1KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 746a193ea5ea5d03fe3c8975264b6c57
SHA1 3f8c0944a4dacccc730b67593e7d7ed9c1ef015c
SHA256 26c9d300ab673787a345e73a207bceca5edcd047ceb0342bd0d7813812dca5e4
CRC32 EF240609
ssdeep None
Yara None matched
Name 8db134808f31c740_scarymovie 2 full downloader.exe
Filepath C:\Windows\Temp\ScaryMovie 2 Full Downloader.exe
Size 90.6KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 585bb354dc4136ba8761ad4bf338fd02
SHA1 ad7c63c490e6d49d5f3be0ffdbc9ebd492292809
SHA256 8db134808f31c7404bf304acaf1209ddcc41d8a49ffe7a9a16529cb8940a4571
CRC32 6F148591
ssdeep None
Yara None matched
Name 5a3c038b447704ab_warcraft 3 battle.net serial generator.exe
Filepath C:\Windows\Temp\Warcraft 3 battle.net serial generator.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bbbd3b6de1850cb0db3fdb82abe3a67e
SHA1 edfefc2ddf43bdef5ab8dff0e90598f92e07898d
SHA256 5a3c038b447704abd1336b9c14037c9c28a7cc9c5f526a2b65d645f34734b7d7
CRC32 05DB4BDA
ssdeep None
Yara None matched
Name 2a32b613f370e664_divx.exe
Filepath C:\Windows\Temp\DivX.exe
Size 90.7KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ee673e12ad2f91e04cc999ce431a9a3a
SHA1 0c8e911e0d55bf631e923b25e89c5c519ce27ffa
SHA256 2a32b613f370e664d7f547dad3c16dda2a370f0cc919b54f9147e616d06a9987
CRC32 EC0947C6
ssdeep None
Yara None matched
Name d5ab38e6b92da4f7_hack into any computer!!.exe
Filepath C:\Windows\Temp\Hack into any computer!!.exe
Size 90.9KB
Processes 2064 (02e2050c0e45b9f2f1d29e6dea60ad2daf618b95ab0c7d48f74ae02ba10fa209.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3e2492e7851dda9f451105cb0704d54f
SHA1 c921105ec673f499e5dca45150f9b5671472d8cd
SHA256 d5ab38e6b92da4f74ccabd70f5f8d5d0c64338736151efd6467d33db63d406d6
CRC32 082F33CB
ssdeep None
Yara None matched
Sorry! No dropped buffers.