SmartHawk

0.8

低危

该样本未表现出任何异常！

重新分析

下载样本

0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0

0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe

分析耗时

17s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.07s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.03s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.77	Unknown	0.24s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

PE Imphash

0e836bd3be54eeeafd05573d50eaca49

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
SdCsWJxh	0x00001000	0x00019000	0x00000000	0.0
UsllVGnN	0x0001a000	0x0000e000	0x0000e000	7.877729583739481
.rsrc	0x00028000	0x00001000	0x00000400	2.9772483985450444

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_STRING	0x00024018	0x000002b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00024018	0x000002b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00024018	0x000002b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00024018	0x000002b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00024018	0x000002b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00024018	0x000002b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00024018	0x000002b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_RCDATA	0x000242dc	0x000000b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_RCDATA	0x000242dc	0x000000b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	None

Imports

Library advapi32.dll:

• 0x42827c RegCloseKey

Library KERNEL32.DLL:

• 0x428284 LoadLibraryA

• 0x428288 ExitProcess

• 0x42828c GetProcAddress

• 0x428290 VirtualProtect

Library oleaut32.dll:

• 0x428298 VariantCopy

Library user32.dll:

• 0x4282a0 CharNextA

L!This program must be run under Win32
SdCsWJxh
UsllVGnN
BAADyZ
Boolean
Integero
StringPn+
TObject3
v[6`ysm
Irface
\dK^dd
Tna6dk?
undArray<
2 \XT2 PL 
2 6 c~V
$i-G;COs
4Z]_Gsw
^2O;rl
J8n{{{
)T{guDdn
V\{;t#
URux&G
7$KvkLp7
s+An#c4
,IztTR
vtPFIFHF>5
xaS;Tu
vH 8S(@
;s[s+D
Yg:58F
~2d"hCl=E
t)W*q*1Sc
+bPUo]
;0KVW*)
s!qABu
M] !T.nl
E"1!E*q
"c3**]S@Q[|
+\0vH;=
U`1bm`
3YwA:S4t
y13\Zl
yXu1s{E3
=E7!,;.
[!t1|9
<Kl/ v;"{
8+;!n+l;>
>3Q&782
w`B-g)U.nc=7u
<zwo}
yXZG=_c(
nn'6#@!
Huv=,o
XJ8+4PX
-je[Gm
/w)f%.
kR?Q.&
9uEN~Z
Y)RB!Z
LX0tJS
zO";x+
O!G1hGK
001!R#-^
.uK?90
pP~l#b
F t-tb
+tQ~_$xtZU
w%9&Ww!
ExC[)A 
c*tAN lfL
UY12+FS
$Xjt5x
x+m-?9
!$-5V@~d@2@t
gDZ[wxhi@%Cn8|M
CO8GvO
@aQYR@
b@"E@|oe@p+
BkU'9p|B0<RB/~QC/j\
Cv)/&D
dEJzEb
9;5S]=];TZ T7a
nR`%uYnb5F7
%S'(#0(
9{MUh]
F|@2dg
fp/U?f$
OFTWARE\Borland\Delphi\RTL
FPUMaskValu5"-9
2<lIu{@X3l
;97uKhM
IYVPc-
6V&v<VAAI!]!s
Xsjx]
-i+1ZHw
&U`)LZ
f[lx~YZrXV)iB
{P(, ;YY
9+su_\
^^Ba}O1
*]BN\1
/M&;I[
.QqJI%
R;MrZ
8!ugj~H
[Cao4L@a9
*p$G+ot%A
^Z7@L+
KuBf&v`
q7ZTUWV
zHZkY9
/'=t&,*
E<tq(I?
u\T;S*D
j`lwS}.
Rn]Cpth
Z<D~t-w~
dlx];~
?eA^_['
 76Nv8,_QDQ
=NuG'$!
Bp8lXk7l
Q~)~$P
RZl ET
./-Rf;0 u
LA?_P/
CaAD#.;
Q`H2;K
PDPS1JL
m:v`oW
/pbaQL@
0y&H@[0
S`-Xk&J|
9})RP
#MP#0N,||*|}&N~")~%/)
@;1OWJnjQx
)pk$S6L~Hht
1hL{@9y
(P? vB2!p@
OIW?mtXS$
gtrc@QTAZ
i%>Q\vBT,
.oK-L xO
#D,;jX
CR9dya}X
]r(eTX
E Z#QT
4EtXk
dAptxdA
'$$Bd$
YYwUx{
w917S9r
`ri=Ahy%`/+]\
@E|.-.
sb8IEp
2_b0XwJH
VCLs@rE4}\k
h^%m&F;E7vtX
bZUM)MN
;i+UOZ
JO8|"GJR+uj
3gLk;+;~
cfh5q.I`8'V{
hCkRZXN
u+1dEC
Pdjm3BC"C
WOhD`D
v[u*m+Z,XC
7zS@=M
+H)^@_
kernel32.dll
athName0#A
AAnE#hw
sl$bb@
ta!#6,b
x Tb3},
Qcale&
/OC"RS
x7Y-emu0J
=W9cK%
gkQX8d
8EKDE#
St+L+$
4(*(Cu"Jr@tPF
}~7(qM
rV9,/F
2Ftl?vo
-$fkw%Mf
B@M38s
BS!wN[m;
@t72W
]B@`-X
a-7V>Y
W4OG)d
@,Wt.Y
A0ZwkY
8ec<(+
A@x,k-
2 xtp2 lhd 
2 8402 ,($ 
#cp$pN
Exception$},q{
ppgEHed(;apZ[
EOutOfMemory[
EIn]Err
y[4rW4r
sWDsr*
EDivByZoW
!CRalngeWF
Ov]"lowsPt[PtXXc
idEVOpmW
2YeXWX
B#k`@PVW"
__(kPoind[
{zEAcssVla|_|
PrxleW
EaStack0x[4
B0xCot
.jlCkWx
6FandDy
f88[y+
SU{5UzWTz/
Safe~7 Ql?
U"ls#4!w
$F]({PK~;
TThr?dCu
x0'2v
$TMul>R
steWlVncN*izer+)0
AoDjZw
%"9't*^
[T6[7.\
WA38ZwQ
s,sF+U.G,
,fQ@|Z
b[#Tx):u(\
(R-Dcp5W"
\+A:`\:
^"8t[^_3-j30]1
~aFWf$
W/%=T't!)S}
%3 @t[CPe_\
D@'F_%,*It.
cFYs+?q
R 4M(_
e"mt<:u
G]ZYNsD<*50r=<9w9iXb
(]\GK4
lRiW0vw_M)^D]
9u-AN,
"[wGGD
u:A#R[<
N;MwS5
NtryM=
l=!b1l}&
Fp"z,8}
8~ZM4H(
)E]UJU"}6
[~iHCTF
Auakf.Jys
<D*Lm,4
|)A->
73l#}j
( M3R~x
CDHeU2v
"|`lKr8"C{
K,]Mp$Gv
9wHuF:$
/mctF;s<j
#B?w1Ko
p:hC;~
D/r8.B
^!VM.90Yt
(Nu7-5
StR$5|#D
bF^"%G
} UTEmMa
k-F-9o 
\}K*a**Mx
,Xg8;m5
ddYSU0(@!tHU
A3t7G5(
ZzVcClx
vgld7Z>cgcc[
(NFJ&#
s";UEuw
W4qGnA
@@aBLNg7
_:|+G{j3
utx}rV
(HwyCC@Q)+S+;vF
GG,g3#u
@B=uTn{
IuSv/)e`
y<%o4,  
&2`?l8,:
@<ea!)6H]
{ AMPM
&sLM%bv
D{)4h7]
h\h\LZlK
_DiskFreeSp.
_#z3i*
@FL`G: 
oD G/D
uv[up1)%
l(!+"?DWD
;FD3Lc
 0sD,Q3
G@)\_22`
3'+Dw8
-]wdk[P$+
;vXU;B$`
x4pt]8h
;Hs#d7
|Xtp8xC7t
T$dsPL\&8L41
hS9.K>
DL2$@849$(
TCustomTyped{
$I"(Z7Z,
l-J>1b`
|wC3GDk
}P-sG@s(s<Pj
0bG6`$V
-V=^Kl+j9F2
iu.+"L
@SEIF(
{@%/P]
3M-;HW
5R+(:r
*6B`MQZ
ar[?( s3^:+]
_ktuue6!Od%Z&
)8XWK[I
&}zuiVm
PaY<g'
r(E]pn
U]E,A`
[Y4}EP&
a8pk._+
$!V1ee
Xiabfam0kBX"Ws
#;}H<!j
VQd6My
c\iot5
6:LV`K
v3#4"&
mNEDW|C^aC$M
|$HAD
"A,](w
r0U$[TT
'#@*:<R
ZH0o&CFFo(
MB&yvmTX{Q
8BO"((A
w%$[4Q
`eTGS
F!P /PX
rT<@^7
@%\k:$?
rt/}l#
IfF^'W
%,?Up$
^Lf;]Hbh
pMu"zcA
XsMJ,aEg#Df
7<d`6V
VEut9`-ub3<M
EBUvt-[
xz +2'
f\MHu%
)!O&gVx
l;U2_e
?X_LDVM
HHt*?lc
H\^|llF
1RP0'F<0
64OpRfMUFYyH*<
{vgI-X
5pW|` 
}K,a.ERM
P@a=Kvi
P'=t!w
E@0>o'Q0"M
P6*.vc
yc!5~TK`i5-
6MJ-8Z@+RmB
.BpHs$
OnPRoavZ
160SVB
1Buv&bx
.taZP|
]co(lo
I7Fs#>u
^j^"k:
%oetv\&P
m+4$T*
n,YZ+HA'*
oc7x'|u
n\"h5&
C9~]_^?
Cq\p8 @p
(xYBQ9`4
aJGNnE
<jf"XW\JuQ9#
76C9;|
%i4CR7
Oh!-\<dxP:A
Pz]NJx
wv{2bbY
v,^[]7
Y=XwWQ
R@0(}
\*`}AM-
!A3KL`
t*E"0?
u/Y%'lt!
u`K'JKva--
Y+v0sP
'ti%!i
TLXaXD
 vY;")
2[l]L@
Q@HKaD
uuJD ?~{{{:
7v>_^v
?IA}h|w|ZGDA)Zc
=xPMd= z:(\W
KlW,FE"a
MTb0 Zc]
y{bdNE
R&jkMQ\Q$Wu
PHE*<le?
7Sa2?{X >C
4UJB3r
/Peam7
}OpenY@
6 HWQr
EClassNotF C
+mponen^[UVD7
mP@D$%AE0*{])o
IsAdapt
D+@+K3
l!#?\[l
THa{u"1#L
DPrP?APv
rFiusa
1Qv\\(g{<
ky`tCY{(S2v
l{,qE({[
T!dz#Ab
YEkOAQ@
gGupsW/P
)XB4B1E
.*Z_Q^
%HzxV}
A!aG)G
V0X-E6@
)@Rz$(
!e;xTQ6&%s
h-b$Sk85
D=[#0 6
XVTcd|U
< E@:B5e)
^)1*RP
eZXEF@l
@,\DZ{
6/PM8]UK}
D#0>U,YZ>CD9
AK@";SVO
VU[l~,QPN
<lp@S~tO
OZMGME$W`1B#eEE
t<2Ph$#
9wP('+
$%EtW$
0H&jHsv@.9
!'k?z@U(.9>*
U.74p6
-K`.wr]e8,O
uhi%^[(UUv
A3Y+bVQ
"Hf0_^
Pn'/UXu
7+AX`D<
/M.#AMc@M#
U  <%hl
C Jy,@Db`
- :!mu2Fp
;bMX:CKUM8
M4YTmm
43`*`%a1I>
/0qMUsl
1'9-wdMN
E,1BU*MXr
:hq)9G2xVN2#h
j2"I'q
W9H"223AW
A@9V|s
E&+CO@
dq>*CK
"C(H[Ol
W&]kPpKX~@#*\$
ddPt\S2~E
0ZCm>H*E3+\
CN#}=!
o-)|0|"
wM`#V(
I&i`p`#
]IxB&X@^)
rPp <A(tY
)hdgM=
-|J@}e.D:a
]A] (P`H{u
U7'jwtp
O:V;tV)u
^uO)BmTG
TPropFixjup;BT`wAAX\
]a&c|`EpF
(%nPiG
G'P0&k8
EHY$CE0
od0?Owner
$!?E_8
0bEAs/
Atk Srd). 5
Q8/!5wC
JXE8:[`M
2ZdT \DKt5\FX
,u&f(QXz
0x{I@
a8,52*R;X
UK\HA4u=W=D+t0
V{6N;w
)v, B`
D|{0"4E,
FDeg't
D,L7 ^0@
{rH("FQ
8!{NP,[!6
CP]Q-}}
X0,O]'`
q288mQXl%.[Y
}gxl,(>_0
{v3_?Xs.
LT3I7H/
\!"I3Il
Z#(UcP4
D2 wx/
}qYZ7<
M;bE 6\5
.uEp;XE+-<"
/(>uF|YFC
hgUgI0
xp`HY<
D;!Q>E75&v
2KxsE^SmI
(H\Y@sWn0#PV8VEAS28`X
$A[H__&~
j\a+p,
TTZu]!n
ie[>z
x=aTBBp`
/0+X03
!4#lYEGZg
4Gv@Gs_
R(mCu2'K
c+Z`P0
(HvX9u
c>A(J6
"XH_*v
GDW@V%
}TI"S`5
U/"TZ_jVq
?X6B&~/~V
E(a (8
08E-c@z0
NC~C<2j
U'!U"V
puifE'
ZPWA$x
y$*^F;
JYKjg&
Nkc^6{
x:w?[XY
l`dT@"
dpI">m
Qq4;?}&#U!
rw</F0X
aSeat"R
F"8Vr|
4KDA8R
poV>U%=
xLlY({k}
KgKqssVw
I:t1,"
~** u
P@d0Y,>#pUh
-'6X0 >%
cY%#XA
s{!)tK
Y>%f?Zh.(
M>&w,U/
gX fdourgu`
UqQ_Ah
u~,KWbtY{
Kvu!lh
,A;$@`
tpjybu
PY}ihHs
"(B|:B
lG*3m;`
u07^h}"
("H@@@x~J{
_~T@Y@
@uDz|#
EX7]>C
w'20>R
K;/MQBB
R_F|'M9
$3LntY
tl!4<Q
6QMEl09}
/YLC0Qp
&B(:S/X
q";"Q#
O(JiY|$
!B(\QDM
-AT[\g
 )zH+lU?
tM]xUR^
Fi(.P4$L
K JA9R
eftTopO
[0!euD
Epm5"4ftt
$YZ_'`
4~lQzJz1H
1Fb;-E
8UBa?4
'JBPG@
IoxML%k]}
\Q5P1q=
RCgry,
<_<!kN
Tq<J_<h$@_
K\g4!bPl
upP4<$*fOh
N#E,UK
X*~[8W
92-vlF/j
l TMVct2 .C}
i!caW@
sOJBQC,5 P
B \r(X
s Ep<ode ~G
2 - At Of ThJ
~ Down
7_.exeG'Jenwna Jam(,ABuilt2o
o\Speed7lk.o[DiVX] L(#on
!R,mJK7?H
o"nd@-SLrro
{%0JGFCKY3
WmkQHILuL
%Oat=7/Child/!
S1|o!J
}c+wo+nla
 b9d-+
+Websi,s#"_IMcc
Der#+MSN
w0U+and7_
of$Dy#
W dj/XP[k
(wK`BFl
h 5.0'
5DSLX/8UncaSX
'P@)t
autestF
)aOFirewallW#'U&  6 KeGNhv
4nvi,E:. -87
Kj@/AikaQus`
enai.+
wz9}aan1sstalwX
e-.r+I
[n"WPX
SS+FBr1oud
(nu c
HxETAokl!tBg'B.s!Ul*.5
+foCDj
?caBUt1.O (WORKS!!)/*[Ef-Mb:x)Y
GsW#,}[LINE
CD1++h_HXp
4Ts)'B0aZaA 4Hsk.8Mv29UNOFFICIAL/?
z5dHDn
;\!_nm
o8+'c
OHH{$AT,1
@|%\%6
Fmr3`e\z5
E^zaa\`c`C
+~]|'! KuQH
\{ 85X
9\\Cur
.D6d)Ik
 Wu<{a=0
"N8@zDem-Xb
GOg<"-*v
S%l?u6DgX
NV%Hv@"8o
z\G'figqi`d
b=(Ru/
; 0GIq@+h
H,7E012<6345:
@dhax0C084
baKL=bHs!F
^9@"LI
j; rSU
D$QlTU_
time e
6789AB
CDEFz~
 ii(08@HiPX`hpixii
ej2 A#
w|0xw 
!Ox?yryTz
Pli:(O
AY;_mohR<@o
>$pgpW_
@n ;';@
FU%JQUTU
UUUJFQU% 
O]7a%m;m
aA})eg-r
?3yI^ll
Qi3a,X/l
iG!vF7
0{ct19d\6fC6w
5l+![%
+%_!-ay
ck0EpK
oM8DOW0l
y90PvHQl
+En'$l)''<-K
Opbt}nmC
lAAx5g
/)6vHv
#)kn/!
E=`0sp
E`0kiaC,f
cGv LH}laSMdd
U1`0w
T7Erw-
#Om$}1
Qbw@h-D
H ;lAns
w"S]Juws6Hd;RU
gtH=gA
F)#?Dh
D/kqet
{cCp+^2
amh}kI
%pe}dP6
Ini-@o
"RTLusEP
K hTb(UX
mn05QH\f
*Sleep
teCvi6S2[
@iz0ViPErtu
aAllocaoc
('To%s?
(v{Add&ss
;}omm@n.5
UnhdapC/
ZYDirdocR
6CE{;`
umCM?0B
s1T~$cVoue
 g6w%(lFF`chFSdcL|af
GeFraUBound
.|p^N<tA> a
 DAT`o)U
'-q@psw
XPTPSWXaD$j
9u\1~B
advapi32.dll
KERNEL32.DLL
oleaut32.dll
user32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
VariantCopy
CharNextA
LkXk2pQ'5
/[27S<e
y=kI,p
~HrOG08&tKCO5U?
9q'8u#
Ez^V5Z>q
3?I|0NYD!p}O
)>*;P$
`v<:d[
5P7qy X@.(
Y6RwQa
BE~k=9
LX1PHk
c{qd>tV+
6HbREW)9XXt0ycF1\
M+Kb1!
s8J3\@
Cy:+?K
GJmSbK
mk/MljYK
;m7?*E:`It}`
)miF?{sW#l4
BC5yTsVd
4Ay <::
m'j*>>Q
LkXk2pQ'5
LkXk2pQ'5
/[27S<e
y=kI,p
~HrOG08&tKCO5U?
LkXk2pQ'5
/[27S<e
y=kI,p
~HrOG08&tKCO5U?
9q'8u#
Ez^V5Z>q
3?I|0NYD!p}O
(W>$V09.s
d^CZ[!lL
+`j6js$z
JWUr@QyQA
/?6y<L
g{aV\]B>
UMZ=> 
=?BJwZi
I.t,L[8 1cO"
F+J'']X
;yeF='bi
+LUkch
QYHF9j
z)tc,lfL-
=oBvA~
A7@J?_
jXjfeaL
%SXwJa
pyG+yL-
O;+*SA
mqTJSg
OAE)sCq
M0<U"<Kc
cVo(J/52
k9+=~`
&weKbR5H$.H
>1"s&6|Pj2Z
$5MX,xr
iq&,IHG
Sx;=?}K
^E]r6LX9t$d5
Xw3@Ntka"&1p+U
F,w >A#maN
/g}OpYG
;USbekCJGz
.2R3* 
=tI`A9]_P}
whupu0
aG<d_V"7aw
6V(ia0y
7:>2u-fV
AQdE;z~
%|^H$ r5Dqv
vhsXO?
;Da4s+v
h:F67~_
-<LW*[f
vlwG$T.4h6R
(Zm!Ef127Sb
P0W+71{
6nU'Ss`
~3B[I:>3
iG(@Vq
gS^m6m'TcA
LkXk2pQ'5
/[27S<e
y=kI,p
~HrOG0
LkXk2pQ'5
/[27S<e
y=kI,p
~HrOG08&t
]$N/`Z
He'=YX<L
G$*4bz)X?
xYpNr,J26s
hnQ2O9S4
u+u,J(S<j
T\d<HSE'
Xo6(/n-o
'qoi<{
 xEda)r
o}[mqu<HCIm
'+s}Z[F
>nrKNPw@"Ix\]^NN
O!vq[=
j>5t#
?ZO^%W
z}hg|<<-
t`Ms j[xf\Rv)+
IK?157OQ
A-BnJs
{]3T~a`y
[[afAaU(
% ,eq%n
(uxf<<5a'
}(D1^:43
2@q'D4O
IV!cxEf;aQRJmoS1
8v'*T@
AT6#A#@o
6EWIxqZ
,,q<~/
{xF|#,
3CigmP
1,l,N
]Yakv\0,NhZ$
-T,QWf~#HB4
-(051Z
sW5k;7gn{I
%Hda^i
@5qFJi
HE FC/3\;^~F'a
E?o/72V4u!
T4Di23|JuuB4
toRu2Q
6I/'H|
%t,]Pgy
$mtlWlR9Z
#5=em@H4cBW
xl]W@R
OHgtjA
upgrXUn
a$[U=]
Gw'JMB
Zu~y-YT
G5![03w
4n!X-T2
v$GHwE
0f$t,[|
r9f!2$!6Db"$
}l; m&&
'^;58l
VTYc0/
mu(}AC}RKX#
[TSRlPy
V?_UzO/
*r:$In
K%3}e^
?d_ljH
$5?*Q^
j`=>@ 
F[e3jR3
/P_/^B
<y/8> Bm
98xT2"1%m
Aj;R`7_Me
P .dTj
ydc,2/
vFN%P'[+($af
%l/\s?
)T%iqLe
#oCGF;4
jr#iBw
 <l&Yi
-])`cg?,
#a+AjNHd
by6{h9<
KyN*ez
 s%`j['x1^
f~Dxl*
+k$Sksg~0)
'(C2cC
)Q-gm9o@3
)/2gqy`W
2~l|6P9
1q#DT^
131)S
+9'T99
z~GTkn
\v69OFIc
*CTgwN8oA^U
 a<cO!@c
PRZayS.
'-z|CQ3O+E
y88s=rh{=L-SK
4agn6ty?bs$
*)zB=OaP5
 ^J(E.
$A\gSf9;
Yoj)U8
}IYCnLi'Dx_l%nqK{
}!$"N5
|1P)lnN:42;O|tx4y$}kzZ
Zi\wA6|
bN"Pbl\H*7h:Z
!SMN!Ok
IQ[E|ADP
zgU-uyr}w)
V'^Pzgo
FR,/j2F7{4I
5Ef'bgT
P \E`/m
EToEi:7
zkTYcX
Y0D!v@Y
]on>3Kd5Z* 
$3EY1@p
s=Qw1+
l rw[9.s
cBgBX4
KJm"Yk(J
U7VRecms**D
ICQ)!km
@@ep8$Drr|2deUUmx
JUDE@i
DVCLAL
PACKAGEINFO

Process Tree

0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe (2336) "C:\Users\Administrator\AppData\Local\Temp\0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe"

Search
0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe (2336)

0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe, PID: 2336, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	cbf67f8585fba22d_winzip 8.0 + serial.exe
Filepath	C:\Windows\Temp\Winzip 8.0 + serial.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5a5c9572f353faa295956b58f94c85f8`
SHA1	`44f929925df9444066bf3fb8333c48fe94fd4295`
SHA256	`cbf67f8585fba22de5f68a6419c019a75272df97e6e93bad9a123106e8fe3f0c`
CRC32	`5CC5499F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fd9a6eadb1c855d4_[divx] harry potter and the sorcerors stone full downloader.exe
Filepath	C:\Windows\Temp\[DiVX] Harry Potter And The Sorcerors Stone Full Downloader.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bd62246490d77b4fb4be4c47064322d8`
SHA1	`d19fd4a3a1c6b09231845fe42222ded0adb89bb7`
SHA256	`fd9a6eadb1c855d442b3d7b68e5e19d73fd5938ab133bbe5b9efaa8974ecbe45`
CRC32	`E2AA5B0C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	77642129ebe3714d_warcraft 3 online key generator.exe
Filepath	C:\Windows\Temp\Warcraft 3 ONLINE key generator.exe
Size	70.6KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`227c582c9092517c15aa6b8f91231c49`
SHA1	`b11377483a6a06c3b7aa7da73468f74a52bfa69f`
SHA256	`77642129ebe3714d6ff487be5fb6b55e2dc19c861517940a208c65495e374400`
CRC32	`DE0DBC64`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6ca08c88b90f73ac_spiderman fulldownloader.exe
Filepath	C:\Windows\Temp\Spiderman FullDownloader.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6853f5b4db1caaf0c18476d559684735`
SHA1	`9069391d5c760cd019e263d1fe8d4393902c0cb4`
SHA256	`6ca08c88b90f73ace23bc7259c82f20257d3991d73c5b5a4ac10e0981aad1cd9`
CRC32	`A7488718`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a239d7863d16b2b9_hack into any computer!!.exe
Filepath	C:\Windows\Temp\Hack into any computer!!.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f07fe24d0e12d0998da8883aa864a150`
SHA1	`15c63b8bada2015f5ca9055230ce3a8049bbd101`
SHA256	`a239d7863d16b2b9a2a90b5d949cf5f1671731ec89055363789dee150af08b0c`
CRC32	`225D702D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6ebacba8ce673c9a_windows xp key generator.exe
Filepath	C:\Windows\Temp\Windows XP key generator.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f705ded7ac7284d5e3dd48bf9f1331a7`
SHA1	`a0469a9ad8fbcb682a5d944cda6b1cb8bfed3a81`
SHA256	`6ebacba8ce673c9a20135afca499969110dfc3bbee1798028f14be2e3a575346`
CRC32	`23D46EE7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a04638e08e120403_divx.exe
Filepath	C:\Windows\Temp\DivX.exe
Size	70.1KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`660ae3a150c694f7d23131585a72be09`
SHA1	`726fb5b0d8c8e289e588d59e893474dde863a144`
SHA256	`a04638e08e12040347e6cf88dadc9f78f4de7776a328e7a12b09296afc2c90b8`
CRC32	`39C396F1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c5b88aa5b7985a62_half-life online key generator.exe
Filepath	C:\Windows\Temp\Half-life ONLINE key generator.exe
Size	70.3KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`76194d8a3a46b6bf452490c8beb18140`
SHA1	`642ddbbce431690cef02a5a05b9f002bfe0bf8dd`
SHA256	`c5b88aa5b7985a62e3713839b3f1c8318decb898dd09908458cf0f36afa158b1`
CRC32	`43D5DC0D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	733ac15ef60e2682_microsoft windows xp crack pack.exe
Filepath	C:\Windows\Temp\Microsoft Windows XP crack pack.exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`716386df49f3731361f3f4b0fce39207`
SHA1	`971cbd7ab533a6ec7b100436905a1f2c83d5e4d0`
SHA256	`733ac15ef60e2682ff7a1af9f75a128f967d8ae0a3dd61bb4f7d70f5ddfafb5c`
CRC32	`11BA67EB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b9e531cc7ec0f2ce_internet and computer speed booster.exe
Filepath	C:\Windows\Temp\Internet and Computer Speed Booster.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`25271416dd42a0f036784154771f51f9`
SHA1	`f562873b256619e2f97ab7cdf3e8978df6097512`
SHA256	`b9e531cc7ec0f2ceabd22477537848a37adf1538a39da91a8814fab6bee3c9fd`
CRC32	`5776F028`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6e863a2429679f3a_cky3 - bam margera world industries alien workshop full downloader.exe
Filepath	C:\Windows\Temp\CKY3 - Bam Margera World Industries Alien Workshop Full Downloader.exe
Size	70.3KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a3fcb63ec0922f900a0e496bf26d5471`
SHA1	`bbf35576146cfc4f316d375b38d950d697e575b6`
SHA256	`6e863a2429679f3a945750d927f3589a2e2d1358615a026135eb639c33616dcd`
CRC32	`7F7A61DE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b00247a2bda60877_macromedia key generator (all products).exe
Filepath	C:\Windows\Temp\Macromedia key generator (all products).exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ac412b52683d6030eaacb4950afd79d0`
SHA1	`ab042e4f71b2d13f3af3ff52829ed165cd98f942`
SHA256	`b00247a2bda60877efa0431e185d728e2aa7f5f5ceef35464f2a4a50115fddb6`
CRC32	`54EC923E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bf190622cfa03ef9_aikaquest3hentai fulldownloader.exe
Filepath	C:\Windows\Temp\AikaQuest3Hentai FullDownloader.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c136936f9a44424a5badfcf3c71fa01c`
SHA1	`517d66bc1be9777b0d739a0cd14169d179bf8f3d`
SHA256	`bf190622cfa03ef9a97f5e8220f4f2492d3c3fdc09dddd7f7e655f7dae32734d`
CRC32	`D018BD52`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	19b3ceb352408c70_lordoftherings-fulldownloader.exe
Filepath	C:\Windows\Temp\LordOfTheRings-FullDownloader.exe
Size	70.3KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`52d86573eed6ef0a25c6c7998a2d1fb5`
SHA1	`e42f75409b86139f2d9fdd0e1dd32d2fff873ffd`
SHA256	`19b3ceb352408c706d341c5034329a4bd2fc0c6aa60c95bbb555c78fa4099c85`
CRC32	`41F9120A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ae9a999d18ed4ce1_battle.net key generator (works!!).exe
Filepath	C:\Windows\Temp\Battle.net key generator (WORKS!!).exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`40b6737fd60c433816aae12e7209b4d4`
SHA1	`634e051299be1dac4b3663ff2125c986fb2cf54b`
SHA256	`ae9a999d18ed4ce17be04006974e403c020e7d95d1647759a02f8fb34350d955`
CRC32	`2678CB22`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	563d4810e805b5f6_hacking tool collection.exe
Filepath	C:\Windows\Temp\Hacking Tool Collection.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8511a9e095c8e47d6a8e77d7d77905a6`
SHA1	`c6f4695bc3137502c2f35c233f6743a72f076baf`
SHA256	`563d4810e805b5f6c058e890348f36bcbd65cfe63250dc6f0fffda8f4405150f`
CRC32	`050510FA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	50e03f29a9f8eadc_gta3 crack.exe
Filepath	C:\Windows\Temp\GTA3 crack.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`75b223390ebbd229c5fd06de2adf9d53`
SHA1	`ae957d709928c384266b2f51cf6f379ab5e6c918`
SHA256	`50e03f29a9f8eadcff1117f91357a6a8db01bd6c61dac81ac887af38d00d471f`
CRC32	`052D7DE7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7d88bca69da9677a_cat attacks child full downloader.exe
Filepath	C:\Windows\Temp\Cat Attacks Child Full Downloader.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ba30a5161471b3f90d107e503838ffcf`
SHA1	`5d786f1cda82f336d2f64be4e04186af8c0a2a8c`
SHA256	`7d88bca69da9677a473267c163ad3f1db579917a385445e5c326b110fb0679d6`
CRC32	`8472F237`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	115bbdc57472d202_quake 4 beta.exe
Filepath	C:\Windows\Temp\Quake 4 BETA.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`13feaff9221e86a88e9468318aa8fb0b`
SHA1	`891d78b4f1609065f7feeb0eb5f51afb85d1a1f2`
SHA256	`115bbdc57472d202a0425c14005e6dd34e1a4c7a6980f2b3f515069c5c1804de`
CRC32	`8A8D1718`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7f4a9c6b55cd3914_how to hack websites.exe
Filepath	C:\Windows\Temp\How To Hack Websites.exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8f9f520cd79c91c6bc2e57aeb9e9279c`
SHA1	`95019ab70735815de7fa5c571e45a2aebd7348d8`
SHA256	`7f4a9c6b55cd3914de943e0a9f2fa5accb302584c6b5a53937d695b3408d4686`
CRC32	`821624D6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2d9f518d0c504494_star wars episode 2 - attack of the clones full downloader.exe
Filepath	C:\Windows\Temp\Star Wars Episode 2 - Attack Of The Clones Full Downloader.exe
Size	70.1KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`897464ebc1448fdd88024752a5876b4c`
SHA1	`49aa349199361a570e67d5ce3c5bc69701d474df`
SHA256	`2d9f518d0c50449469f071ebf4f26df202f93a70f9c85a6d886ed2ed2152c486`
CRC32	`9E5277B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c7a2759889bf79a8_shakira fulldownloader.exe
Filepath	C:\Windows\Temp\Shakira FullDownloader.exe
Size	70.3KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`487cfac7d43c1227be8a32a2ab5cc810`
SHA1	`ff7ba803d4b61ba5695030ac80536622f7d719bb`
SHA256	`c7a2759889bf79a838f24e7ac000ba66e2e2b9a36585833878008d01f2d9c06a`
CRC32	`87F6F549`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0cc6b3bf2d336959_windows xp full downloader.exe
Filepath	C:\Windows\Temp\Windows XP Full Downloader.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`34384fa05fa54f1610120ddd737001a0`
SHA1	`1a97efab664d57a7312cc50a6f96191f49fea1e6`
SHA256	`0cc6b3bf2d336959637a3e5858459960eb0b59bdc64ffc14f07f471a873bd8da`
CRC32	`7C8FA27D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	21fe1947ad53a6bb_xbox.info.exe
Filepath	C:\Windows\Temp\Xbox.info.exe
Size	70.1KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1ba15183ec3b2bf9e811d0cc08359114`
SHA1	`8db5015ce3af13519969b052bbe950f301c47b04`
SHA256	`21fe1947ad53a6bbd7a7aa8aa84b49fe84a552948ab265426fe501b38e8616a0`
CRC32	`BC0500E9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5284c37da2604e87_key generator for all windows xp versions.exe
Filepath	C:\Windows\Temp\Key generator for all windows XP versions.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a39e015d9c7d71def2cd8e8b6632ca72`
SHA1	`dda3a556e07e4175acbcae658c59211d0418971a`
SHA256	`5284c37da2604e87e5bad16b24ab54d5636e412d7f1b7b73761a7e79dad40262`
CRC32	`B2461043`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	047d3976e3178b3a_msn password hacker and stealer.exe
Filepath	C:\Windows\Temp\MSN Password Hacker and Stealer.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4012a7d89573a7dd95eb52f9ff1e8caf`
SHA1	`2ed6397ade5b4f2554111ab232c51c15afe0898a`
SHA256	`047d3976e3178b3a178f14527bfcbe59a02533d8332bcf85e18c111c845b1775`
CRC32	`7A08B0C7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bf5b7d35a9a9ce68_warcraft 3 battle.net serial generator.exe
Filepath	C:\Windows\Temp\Warcraft 3 battle.net serial generator.exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2e6fb966092e4ec24d05a9da7bd857fc`
SHA1	`1e5dba5a7859c15f8e321d0dbf18792aeb70f776`
SHA256	`bf5b7d35a9a9ce682306a1e3bc090c3598625169aa2ac7146177f03a6f076be4`
CRC32	`A0661879`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	337421ef2806d88c_sims fulldownloader.exe
Filepath	C:\Windows\Temp\SIMS FullDownloader.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7a408a4bf1e169487311a2bd1659fae4`
SHA1	`a0da8eed40e48944c7a824325974abd4aa3d6d8a`
SHA256	`337421ef2806d88c25d8352c278185cd1de498b21ac0fa0fe8917ffa537d9d52`
CRC32	`B98537C7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	68a13e2356952afb_zonealarm firewall full downloader.exe
Filepath	C:\Windows\Temp\ZoneAlarm Firewall Full Downloader.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ef6526f7363fae01a222ce24e2b744b6`
SHA1	`efc9c6962769f9e646efd1d2e80e6a033a95071b`
SHA256	`68a13e2356952afbb53cd0070c855a14d902bdc8543cd7cf6b3e193b939a1d0e`
CRC32	`20CB0936`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	22d656561519ed06_starwars2 - cloneattack - fulldownloader.exe
Filepath	C:\Windows\Temp\StarWars2 - CloneAttack - FullDownloader.exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1c5e81bcdb4c64840b46a0a686059780`
SHA1	`f77de0af41ff7e85d850ad1e16df3651f39dc003`
SHA256	`22d656561519ed0676ab2cb77ba95acb8476bd1caf2b6c7902128fc742660e3b`
CRC32	`7AD0EE50`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b6ce2544450ec47a_zidane-screeninstaler.exe
Filepath	C:\Windows\Temp\Zidane-ScreenInstaler.exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d88dd7084697bcc8369509b5637bd684`
SHA1	`2e7765ac6005388023c9f37be6965ab68fd5e9fd`
SHA256	`b6ce2544450ec47a9dfdbb949e94623725241526acc9c248577f87278d32b202`
CRC32	`ED696ABC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4d343c63a2bc6f76_winrar + crack.exe
Filepath	C:\Windows\Temp\Winrar + crack.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`23fe547a9fe7797f3ea0e93b14c5253f`
SHA1	`0699814d7dc085bf0ab3da5f6a5cfcbae8653a4b`
SHA256	`4d343c63a2bc6f7674e9f9974509106019d09d6df167d249cde77d9c40cd0bba`
CRC32	`17F0F44B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eacdbae68c9cfc58_dsl modem uncapper.exe
Filepath	C:\Windows\Temp\DSL Modem Uncapper.exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c339262e0b8374aa470f6f7615c29887`
SHA1	`994f42e2d42bbc50802bdc51df72899512620a6a`
SHA256	`eacdbae68c9cfc58851e049093693463a470220fc7ae1c84f0b17ca4bff15bd9`
CRC32	`96B78532`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	29e18b44d5659c86_windows xp serial generator.exe
Filepath	C:\Windows\Temp\Windows XP serial generator.exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`769bbe4df45c5ef3184085926457dbe1`
SHA1	`ee1d008cdfd18df3edefdcdc5947877095b23606`
SHA256	`29e18b44d5659c86c468ab00e22ffc110fc2636a6edae1f89b9e6a9c45c151df`
CRC32	`9DCDCCD9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	57099fdf80bc7342_gladiator fulldownloader.exe
Filepath	C:\Windows\Temp\Gladiator FullDownloader.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`92cac3de6819de58814b0837531c0241`
SHA1	`f57d41d953d539204aa55dc1b12d4f80cdd4d55b`
SHA256	`57099fdf80bc7342b09a4cda27196c6310e083d28fa338461a0a2445656b260a`
CRC32	`9BBB99A6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	941fc1ac20394c40_britney spears nude.exe
Filepath	C:\Windows\Temp\Britney spears nude.exe
Size	70.2KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cf24a12fac622687134e8ff9b9389c20`
SHA1	`4b6b41438c4fbdc86e52ea4f374296752bbb3dcd`
SHA256	`941fc1ac20394c408eab7a4e295717a838ae3d489ac34f7fb0025caf3db8c12c`
CRC32	`AE2FEEE5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	84790ee40c3c488a_grand theft auto 3 cd1 crack.exe
Filepath	C:\Windows\Temp\Grand theft auto 3 CD1 crack.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`301ef6466ca0ec4df2501677134e1979`
SHA1	`979c791e9c567d2c70b8bcef2369f1741e66d5af`
SHA256	`84790ee40c3c488ad68cfefdeadce553206014f196a4dd4cd30ceb7a5cd0b5c4`
CRC32	`343C9CF4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	94d20dd6c39dfa38_borland delphi 6 key generator.exe
Filepath	C:\Windows\Temp\Borland Delphi 6 Key Generator.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c8920c866e3d9a61a67f619c2936e0bc`
SHA1	`1f84bd667da2b6bd0f07976f0d74d58208b8558f`
SHA256	`94d20dd6c39dfa38422d01b398bee23c62be92e1092d7a951730a8fe7b3a9572`
CRC32	`480965E1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ecd454b4f4283f17_microsoft key generator, works for all microsoft products!!.exe
Filepath	C:\Windows\Temp\Microsoft key generator, works for ALL microsoft products!!.exe
Size	70.3KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6eb2a74eb0afb32f01bb9d94387d692c`
SHA1	`9cb0d9b247425f5c5c7775789178830b91e76746`
SHA256	`ecd454b4f4283f17712399ea5578bff31d30e24448c2bd985e849a664af63d7e`
CRC32	`9680DF9C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	59f598354ae25b2f_scarymovie 2 full downloader.exe
Filepath	C:\Windows\Temp\ScaryMovie 2 Full Downloader.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`212191720bdfa11ddcec33d179050d3c`
SHA1	`f64bb92fa2dd78b262033a5e7c775eaced2f1298`
SHA256	`59f598354ae25b2f410ac00ed415641f53d1e75952100abebf2175183ef2bcef`
CRC32	`39BE9FA2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	25c3ebe446474b8f_kazaa media desktop v2.0 unofficial.exe
Filepath	C:\Windows\Temp\KaZaA media desktop v2.0 UNOFFICIAL.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b63add695b2fa6c1aa9c693cc3a331d3`
SHA1	`03e49583402ebf13dec7c51671243f4ba237af81`
SHA256	`25c3ebe446474b8f18d2a44210d5c7a9c365ee7f9553327a2d773bd490c75ede`
CRC32	`5C27BA09`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eee2211eca8e397c_aim account stealer downloader.exe
Filepath	C:\Windows\Temp\AIM Account Stealer Downloader.exe
Size	70.3KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e77ab1fb46707a692a5e5468205e706f`
SHA1	`f635ad2b62a07c346ca118691103e02cef1aaa58`
SHA256	`eee2211eca8e397c5fdc2fc2e59c767290fa17511d6a9fc2c365a7b5dcb846f7`
CRC32	`E72260EB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	775813e7aaf3a164_moviezchannelsinstaler.exe
Filepath	C:\Windows\Temp\MoviezChannelsInstaler.exe
Size	70.3KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`07526c6f057027fe39b05d1ec139a9f8`
SHA1	`231593c4a1b178602e9af0e7c4e97b7e26f92ad9`
SHA256	`775813e7aaf3a1645749f434cc662d71b4d350c170017f900de296d8250e692b`
CRC32	`4AA5F183`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	22a8cce9493d3ace_[divx] lord of the rings full downloader.exe
Filepath	C:\Windows\Temp\[DiVX] Lord of The Rings Full Downloader.exe
Size	70.6KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1a5e2b3c168cbdca35bee8fbef33db2c`
SHA1	`56491db88fa6e8979eb3790e6240fb0d24998b65`
SHA256	`22a8cce9493d3ace6175f26fdeb3592e2af95d94afc63ffe2c8aca78eaa8001a`
CRC32	`2CFF2A3A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cd9ddfbb4d298433_jenna jameson - built for speed downloader.exe
Filepath	C:\Windows\Temp\Jenna Jameson - Built For Speed Downloader.exe
Size	70.3KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`62b5ed1af9a7df1ce4b0ff9178212e5d`
SHA1	`49d75f8cd2e4281186878cd6b25fd98709db9b47`
SHA256	`cd9ddfbb4d298433b515ccd613915f255a491592081f5e58f5d00aabdad6020b`
CRC32	`F2021A97`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f4c5aa88a0f3cff8_ps1 boot disc full dwonloader.exe
Filepath	C:\Windows\Temp\PS1 Boot Disc Full Dwonloader.exe
Size	70.4KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`24161f41fb00065b12d4d48ced63c969`
SHA1	`1a0dad373f805521ed311f46125a5682742e11ea`
SHA256	`f4c5aa88a0f3cff86c0b6bf337f2535dc598a9f3d0c400678c5fb7c440dbe691`
CRC32	`246EC426`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	889498522e6a2ca4_half-life won key generator.exe
Filepath	C:\Windows\Temp\Half-life WON key generator.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b23d5a0b44eba119a5fdaa72937f6a19`
SHA1	`c0bec2083aa5950c3d1475d514de3f0dbcfdb446`
SHA256	`889498522e6a2ca477d86661fc3db415695891ef95d47c4df5d84f41fabc3061`
CRC32	`D65EA5B7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	772fce04a204fd1b_macromedia flash 5.0 full downloader.exe
Filepath	C:\Windows\Temp\Macromedia Flash 5.0 Full Downloader.exe
Size	70.5KB
Processes	2336 (0c4e2569ed4ee25cf0a75647b3c60c2825c1aed31e4e6d825a85d5bf296426c0.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`25d8c93331c0b40915e3ad51b4dc965f`
SHA1	`c63195980772fe7dff889a0a20f876b56e75662b`
SHA256	`772fce04a204fd1b17f2ed0c7bd0950b517fab520b21adefaa4a4b2648ea3c57`
CRC32	`CF938722`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.

file	C:\Windows\Temp\Half-life ONLINE key generator.exe
file	C:\Windows\Temp\Sony Play station boot disc - Downloader.exe
file	C:\Windows\Temp\Britney spears nude.exe
file	C:\Windows\Temp\AIM Account Stealer Downloader.exe
file	C:\Windows\Temp\Borland Delphi 6 Key Generator.exe
file	C:\Windows\Temp\Warcraft 3 battle.net serial generator.exe
file	C:\Windows\Temp\PS1 Boot Disc Full Dwonloader.exe
file	C:\Windows\Temp\Jenna Jameson - Built For Speed Downloader.exe
file	C:\Windows\Temp\Zidane-ScreenInstaler.exe
file	C:\Windows\Temp\ScaryMovie 2 Full Downloader.exe
file	C:\Windows\Temp\Macromedia Flash 5.0 Full Downloader.exe
file	C:\Windows\Temp\DivX.exe
file	C:\Windows\Temp\Cat Attacks Child Full Downloader.exe
file	C:\Windows\Temp\StarWars2 - CloneAttack - FullDownloader.exe
file	C:\Windows\Temp\Gladiator FullDownloader.exe
file	C:\Windows\Temp\GTA3 crack.exe
file	C:\Windows\Temp\How To Hack Websites.exe
file	C:\Windows\Temp\Warcraft 3 ONLINE key generator.exe
file	C:\Windows\Temp\DSL Modem Uncapper.exe
file	C:\Windows\Temp\Windows XP key generator.exe
file	C:\Windows\Temp\Shakira FullDownloader.exe
file	C:\Windows\Temp\Winzip 8.0 + serial.exe
file	C:\Windows\Temp\Hack into any computer!!.exe
file	C:\Windows\Temp\[DiVX] Lord of The Rings Full Downloader.exe
file	C:\Windows\Temp\ZoneAlarm Firewall Full Downloader.exe
file	C:\Windows\Temp\Microsoft Windows XP crack pack.exe
file	C:\Windows\Temp\Hacking Tool Collection.exe
file	C:\Windows\Temp\Grand theft auto 3 CD1 crack.exe
file	C:\Windows\Temp\LordOfTheRings-FullDownloader.exe
file	C:\Windows\Temp\Windows XP serial generator.exe
file	C:\Windows\Temp\KaZaA media desktop v2.0 UNOFFICIAL.exe
file	C:\Windows\Temp\[DiVX] Harry Potter And The Sorcerors Stone Full Downloader.exe
file	C:\Windows\Temp\MSN Password Hacker and Stealer.exe
file	C:\Windows\Temp\AikaQuest3Hentai FullDownloader.exe
file	C:\Windows\Temp\Internet and Computer Speed Booster.exe
file	C:\Windows\Temp\Winrar + crack.exe
file	C:\Windows\Temp\Xbox.info.exe
file	C:\Windows\Temp\Spiderman FullDownloader.exe
file	C:\Windows\Temp\Windows XP Full Downloader.exe
file	C:\Windows\Temp\CKY3 - Bam Margera World Industries Alien Workshop Full Downloader.exe
file	C:\Windows\Temp\Key generator for all windows XP versions.exe
file	C:\Windows\Temp\Macromedia key generator (all products).exe
file	C:\Windows\Temp\Half-life WON key generator.exe
file	C:\Windows\Temp\SIMS FullDownloader.exe
file	C:\Windows\Temp\Star wars episode 2 downloader.exe
file	C:\Windows\Temp\Microsoft key generator, works for ALL microsoft products!!.exe
file	C:\Windows\Temp\Quake 4 BETA.exe
file	C:\Windows\Temp\MoviezChannelsInstaler.exe
file	C:\Windows\Temp\Battle.net key generator (WORKS!!).exe
file	C:\Windows\Temp\Star Wars Episode 2 - Attack Of The Clones Full Downloader.exe

section	SdCsWJxh
section	UsllVGnN