SmartHawk

1.2

低危

57 个模型检测该样本为恶意！

重新分析

下载样本

0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402

0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe

分析耗时

187s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.10s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.05s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.86	Unknown	0.20s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:SillyP2P-X [Wrm]	20200315	18.4.3895.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_80% (D)	20190702	1.0
Kingsoft	None	20200315	2013.8.14.323
McAfee	W32/Xiquitir.ow!p2p	20200314	6.0.6.653
Tencent	Malware.Win32.Gencirc.10b5830a	20200315	1.0.0.1

Time & API	Arguments	Status	Return	Repeated
1727545370.656125 __exception__	exception.address: 0x401b02 exception.instruction: mov dword ptr [eax + 0xc], ecx exception.instruction_r: 89 48 0c 8b 55 fc 89 15 dc 9e 40 00 8b e5 5d c3 exception.symbol: 0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402+0x1b02 exception.exception_code: 0xc0000005 registers.eax: 8652736 registers.ecx: 29296016 registers.edx: 47 registers.ebx: 2130567168 registers.esp: 1633988 registers.ebp: 1633992 registers.esi: 0 registers.edi: 0 stacktrace: 0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402+0x14f0 @ 0x4014f0 0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402+0x106e @ 0x40106e 0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402+0x2820 @ 0x402820 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5	success	0	0

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2004-02-13 06:20:39

PE Imphash

27f21db1a40f044cb2ea9aa7f88716f6

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x00005b50	0x00006000	6.363900829399006
.rdata	0x00007000	0x000009ac	0x00001000	4.014497177343175
.data	0x00008000	0x00003438	0x00002000	3.530340394246337
.rsrc	0x0000c000	0x00000ab0	0x00001000	2.789173186295458

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x0000c408	0x00000128	LANG_SPANISH	SUBLANG_SPANISH_MODERN	None
RT_ICON	0x0000c408	0x00000128	LANG_SPANISH	SUBLANG_SPANISH_MODERN	None
RT_GROUP_ICON	0x0000c530	0x00000022	LANG_SPANISH	SUBLANG_SPANISH_MODERN	None
RT_VERSION	0x0000c558	0x00000554	LANG_SPANISH	SUBLANG_SPANISH_MODERN	None

Imports

Library KERNEL32.dll:

• 0x407010 FindClose

• 0x407014 FindNextFileA

• 0x407018 GetModuleHandleA

• 0x40701c GetStringTypeW

• 0x407020 GetStringTypeA

• 0x407024 GetModuleFileNameA

• 0x407028 GetWindowsDirectoryA

• 0x40702c FindFirstFileA

• 0x407030 Sleep

• 0x407034 HeapFree

• 0x407038 HeapAlloc

• 0x40703c GetStartupInfoA

• 0x407040 GetCommandLineA

• 0x407044 GetVersion

• 0x407048 ExitProcess

• 0x40704c HeapDestroy

• 0x407050 HeapCreate

• 0x407054 VirtualFree

• 0x407058 VirtualAlloc

• 0x40705c HeapReAlloc

• 0x407060 GetLastError

• 0x407064 CloseHandle

• 0x407068 WriteFile

• 0x40706c ReadFile

• 0x407070 TerminateProcess

• 0x407074 GetCurrentProcess

• 0x407078 UnhandledExceptionFilter

• 0x40707c FreeEnvironmentStringsA

• 0x407080 FreeEnvironmentStringsW

• 0x407084 WideCharToMultiByte

• 0x407088 GetEnvironmentStrings

• 0x40708c GetEnvironmentStringsW

• 0x407090 SetHandleCount

• 0x407094 GetStdHandle

• 0x407098 GetFileType

• 0x40709c RtlUnwind

• 0x4070a0 SetStdHandle

• 0x4070a4 FlushFileBuffers

• 0x4070a8 CreateFileA

• 0x4070ac SetFilePointer

• 0x4070b0 GetCPInfo

• 0x4070b4 GetACP

• 0x4070b8 GetOEMCP

• 0x4070bc GetProcAddress

• 0x4070c0 LoadLibraryA

• 0x4070c4 SetEndOfFile

• 0x4070c8 MultiByteToWideChar

• 0x4070cc LCMapStringA

• 0x4070d0 LCMapStringW

• 0x4070d4 CreateDirectoryA

Library USER32.dll:

• 0x4070dc MessageBoxA

Library ADVAPI32.dll:

• 0x407000 RegSetValueExA

• 0x407004 RegCloseKey

• 0x407008 RegOpenKeyA

L!This program cannot be run in DOS mode.
/<kRkRkR
^iRYjR\gRXWR
AlRkS\RDiRTjRRichkR
`.rdata
@.data
UQEPh@
MU+U9U}wE
tAt2t$
YYUQSVW}
+;r>})E
UQSVW}
t6t7)E
Yu3Vt$
PUSVWu
_^H[]Ujhp@
j?UIZ;
r;]uy;
;uY;]s
pD#U#ue
j #M_|
]#\D\D
VW3;u0DP
_^[SUVW|$
_^][Vt$
3^SVt$
>+~&WPv
YSVW33395@
_^[UQQSV5d@
rt`+tE
rbtHHt.
u@u;@S9]u.E
SUV333;W~]
;|?4$j 
_^][USVu
_^[UWVu
DDDDDDDDDDDDDD
It.ht lt
HHtpHHtl
YAE t!E@E
t;ERPWVEUe
~;E]xf
YY~2MQu
E_^[S?@
KVW~&|$
X_[^3^
YtF>"u
< v^S39
PY;5,@
8t9UW
YE?=t"Uq;Y
EYW6tY
8u]5@
[UQQS39
EPEPSSWM
YEPEPE
@"t)t%
F8"uF@C
@C8"u,
VW333;u3
SS@SSPVSSD$4
;t2U>;YD$
t#SSUPt$$VSS
;t<8t
u+@UY;u
3_^][YY
DSUVWh
_^][DUSVWUj
t.;t$$t(4v
VC20XC00U
]_^[]UL$
PYY\WP\@Y<v)\P\;j
P5`WP8`h
P6VYP6j
DDDDDDDDDDDDDD
<1u6=d@
t78t2=d@
|^k=D@
^#+t-Ht!Ht
5t.;t*;t
VuEPuuu
90tr0B=@
@j@3Y@
@;vAA9
Wj@Y3@
 t7SWU
BBBu_[j
VPVPV5
@AA;rI3
VWuBht@
;tg5p@
tPhlt@
_^[3L$
GIt%t)
Gt/KuD$
GKu[^D$
[^_SVt$
S>Yu+Vj
_^[3VWj
YY@}>j
8YUjht@
SVWe39=@
"WWSht@
M]9}tfSuu
tMWWSuu
Mu;tVSuuu
3;u>EPj
EPVht@
E;tc]<
euWSV[
e33M;t)uVu
PKY3UQ@
 ;t8WY;YEt*j
|)|||W|;)|Y5|B$|=
|+|C|*|(|w
|P||+.|
`h````
ppxxxx
(null)
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
KERNEL32.dll
MessageBoxA
USER32.dll
RegCloseKey
RegSetValueExA
RegOpenKeyA
ADVAPI32.dll
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetLastError
CloseHandle
WriteFile
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
SetStdHandle
FlushFileBuffers
CreateFileA
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateDirectoryA
Winamp 5.0 (full version).exe
Winamp 3 (full version).exe
Winamp 3.5 (full version).exe
Update Photoshop 7.0 to Photoshop 9.16 (Its Work!).exe
Update Photoshop 8.0 to Photoshop 9.5 (Its Work!).exe
WinAce 3.85 (with Serial).exe
Download Accelerator Plus (DAP) (full version with serial).exe
RealOne Player (Full version).exe
BsPlayer v3.exe
WinRar v6.11 (with crack).exe
WinRar 4 (with crack).exe
ContaWin 2000 (full version).exe
WinZip 9.exe
DivX 7.2 freeware.exe
3D Studio R8 (It's Work!!).exe
VirtualDub 2.1.4.exe
MSN messenger 6.3.exe
Hacha Profesional Edition.exe
Simpsons pack guiones (Temporada 2004).exe
Mazinkaiser pack fondos de escritorio.exe
Mazinkaiser comics pack.exe
Juegos JAVA para NOKIA.exe
Capitulos ineditos de DragonBall Z jamas emitidos.exe
Pack Tonos y Logos para Nokia.exe
Nero 7.5.1.0 (cracked!).exe
3D Movie Maker.exe
Silent Hill.exe
PSEmu.exe
RM2GBA.exe
WAV2MP3.exe
GBAEmu.exe
GameCube Emulator.exe
Pack 50 Juegos PS2.exe
Pack 25 Juegos GameCube.exe
Resident Evil for GameCube.exe
Visual Basic 6.exe
Visual C.exe
Visual Studio (full).exe
mugen (full).exe
Fuck my fat ass.avi.exe
German extreme violation.mpg.exe
Sexo con una menor.exe
Pedofilia pack 37 pics.exe
Follada brutal coo roto.exe
Lolita Pack 20 Pics.exe
Puta come mierda.exe
Solo para Maricas.exe
No lo Descargues.exe
Dont Download.exe
humor.exe
Dont Touch.exe
Hentai.exe
Matrix Wallpapers.exe
Terminator 3 Wallpapers.exe
Hentai Evangelion Poker.exe
Shinchan screen saver.scr
Hentai Shizuka clit.exe
a pelo.exe
Chenoa en cueros.exe
WinAmp skings and plugins.exe
FlashGet Max acceleration (Experimental).exe
VMIntel386.exe
C:\Gusanillo QueBonito@Compartir.es
Hola tio! soy el gusanillo
como va eso?
Error in zip file
El archivo tiene un formato desconocido o est daado
Zip message
El archivo zip no ha podido ser abierto
probablemente este daado
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 256mb 32bit
VMIntel386
/Intelx386
/VMIntel386.exe
Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coos mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe
EMULE.EXE
config/shareddir.dat
012345: :
SOFTWARE\Kazaa\LocalContent
012345:%s
DisableSharing
SOFTWARE\Kazaa\UserDetails
QueBonito@Compartir.es
012345: :
SOFTWARE\IMesh\Client\LocalContent
012345:%s
DisableSharing
SOFTWARE\IMesh\Client\UserDetails
QueBonito@Compartir.es
C:\WINDOWS\system32\b58debb8c5bfe9f7930aec5d9786a3abe89000d08128481c21583386cd750071.exe
33333330
{{{{{{{3
{{{{{{{33
{{{{{{{330
{{{{{{{330
{{{{{{{330
3333333
33?030
33333333
wwwwwwwwwww
DDDDDD@
DDDDDDGpw
DDDDDDGpw
DDDDDDDDDDD
wwwwwwwwwww
DDDpp@
(null)
         (((((                  H
VS_VERSION_INFO
StringFileInfo
0c0a04b0
Comments
ado especialmente para la gente que no comparte nada de sus archivos. No me seais taca
os xiquillos. jejejejeje
CompanyName
FileDescription
Gusanillo para que la gente no sea tan taca
a a la hora de compartir archivos
FileVersion
1, 0, 0, 1
InternalName
Gusanillo
LegalCopyright
Copyright 
LegalTrademarks
Debido a que es un Gusano, no creo oportuno rellenar este cuadro. jejeje
OriginalFilename
Gusanillo.exe
PrivateBuild
Comparte!
ProductName
ProductVersion
1, 0, 0, 1
SpecialBuild
QueBueno@Compartir.es
VarFileInfo
Translation

Process Tree

0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe (1784) "C:\Users\Administrator\AppData\Local\Temp\0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe"

Search
0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe (1784)

0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe, PID: 1784, Parent PID: 2264

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	720cb750ef8556aa_sexo con una menor.exe
Filepath	C:\Windows\Intelx386\Sexo con una menor.exe
Size	1.5MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`84add9e1eca8a5d2c1bd04112c35c9cf`
SHA1	`c52f2361c00d63c8231c74819378041ef263c850`
SHA256	`720cb750ef8556aaeb66910af64799671a00cf35b9ceeae33c85e99988ac451e`
CRC32	`9D80570B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	889067e0e0a8071c_hacha profesional edition.exe
Filepath	C:\Windows\Intelx386\Hacha Profesional Edition.exe
Size	1.4MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b5106506c72ceb9814fc0bc5524ed39d`
SHA1	`8a0747bc5402982efdce9bda71ee7981b734e65d`
SHA256	`889067e0e0a8071c7e1303521a96ea173cabec994cb41f0ff334e2e91f878aa6`
CRC32	`5AFEB71A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cf671d15c0c4f4a7_realone player (full version).exe
Filepath	C:\Windows\Intelx386\RealOne Player (Full version).exe
Size	2.0MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bba3772d094e83b046347ad45a280561`
SHA1	`f0c909d12551f8031f44d5f47939cfdfec587187`
SHA256	`cf671d15c0c4f4a7c8ac092cbc8fac6220794d9642e34c1fdc28709f6a2b764a`
CRC32	`27E64537`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c6e72e324f3e5257_terminator 3 wallpapers.exe
Filepath	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe
Size	1.2MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1409ea374cb5c50fd6113ef556292bb4`
SHA1	`40de1cd01ed6dc7d14681a95bf131d5042b41ba0`
SHA256	`c6e72e324f3e5257d14d6a433cf7ac0823f69a81bc570b42622ccba0e53c8d2c`
CRC32	`92264494`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	32b7f565f66ea502_bsplayer v3.exe
Filepath	C:\Windows\Intelx386\BsPlayer v3.exe
Size	3.1MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`646d76fe70772d9ed54e2883ebef05aa`
SHA1	`0c190f9eb1c447ff71fb1671e89fd2dedb20054f`
SHA256	`32b7f565f66ea5029bc762e9d5b4cbed95000fce77ab8565673a2adc419a737a`
CRC32	`4F1C4995`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8187914e7aba5d59_winzip 9.exe
Filepath	C:\Windows\Intelx386\WinZip 9.exe
Size	2.7MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1d7ecfb959c47d0da896eea00ead4e29`
SHA1	`253f72311125d7fae963f933f1e6308dbb1c1609`
SHA256	`8187914e7aba5d59167e39515d20f51a7ee217c8f3b4c64b72c7663e2fa610e5`
CRC32	`9C5E5D58`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	72224d1163f22de4_no lo descargues.exe
Filepath	C:\Windows\Intelx386\No lo Descargues.exe
Size	893.6KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c1842250b26e01087f39914cbedd5e22`
SHA1	`35ec067b113ca4f28ac38354f9004b1eeb207906`
SHA256	`72224d1163f22de440c88f540b93471bf7f41ed37b009a8a4f937f7e8a905803`
CRC32	`B8A07C36`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4591ac9ed8750c28_psemu.exe
Filepath	C:\Windows\Intelx386\PSEmu.exe
Size	1010.7KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c88c87935b6da58f04b2f6517fcbe1ef`
SHA1	`28f31687d5fc8efddd381d5dd923a353fa59835e`
SHA256	`4591ac9ed8750c28874a5f4068e547473f2bc173c85c38d34db1b3d21ab83235`
CRC32	`94A58765`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1b9922651e4fc641_wav2mp3.exe
Filepath	C:\Windows\Intelx386\WAV2MP3.exe
Size	890.6KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`db5a11452a0877857dce487f26862791`
SHA1	`b742b09c9768de03fe7bf0241071267d56acda18`
SHA256	`1b9922651e4fc641e4874137066653487992d3a7c75f58aca5b322a1849e145e`
CRC32	`76AB49DF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1ff1209bb45ae682_winamp 3 (full version).exe
Filepath	C:\Windows\Intelx386\Winamp 3 (full version).exe
Size	2.9MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3d36b4718a363da2c61e81f5604fe481`
SHA1	`6e6223bc24eee5d4656c24a34c31caf14d774641`
SHA256	`1ff1209bb45ae682f8c632ce582bb3418ec494b16f4c5dd12d0c9316fea9d232`
CRC32	`41B3ABB5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	df347789596933cd_juegos java para nokia.exe
Filepath	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe
Size	1.5MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fe27ea22463d601bfd13f52d608e702a`
SHA1	`cfe2d1fca6551a714d1edaff2e0b4c4d544ed290`
SHA256	`df347789596933cd12a5b1db8c17668419cf4bfacf1b919870979b2e1385b2fe`
CRC32	`38BEC1D6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	11caefbe8216157d_hentai.exe
Filepath	C:\Windows\Intelx386\Hentai.exe
Size	879.6KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1b5f798c3eadfe09849f9aca1b422840`
SHA1	`71e6cf77ce7aa962e5b29fd354eaee057d5c66ab`
SHA256	`11caefbe8216157dc67f8542ee6a1785694e86185fa2bee87b307562bc4fffa5`
CRC32	`7A59F69A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ce996b7fda61caa2_resident evil for gamecube.exe
Filepath	C:\Windows\Intelx386\Resident Evil for GameCube.exe
Size	998.2KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`242dea59bcba03386784efe927cf849b`
SHA1	`1a065e570817bc147c183407ee8e7899bb6bb221`
SHA256	`ce996b7fda61caa2b4bed9c14cbf577637cd0414c867cd1903da6ad8e7fe1fcb`
CRC32	`CCA4F9CA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	92711d378fc17640_matrix wallpapers.exe
Filepath	C:\Windows\Intelx386\Matrix Wallpapers.exe
Size	1.6MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`41e48313d88aafac062c3dc6ee33a94e`
SHA1	`57a7874dc3a9914c463b00a031766f6ee3526e32`
SHA256	`92711d378fc17640029d82b1a01199e7a18e5129a0b316cca64814902de6f6f4`
CRC32	`9487C379`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f4b7b2ec5a28370d_fuck my fat ass.avi.exe
Filepath	C:\Windows\Intelx386\Fuck my fat ass.avi.exe
Size	892.5KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8ac83e7c80d609564d85052709d89653`
SHA1	`3d6ea78abb539396f699c7cb4cc25653ba10fb69`
SHA256	`f4b7b2ec5a28370d1015b621ef5c82b6e96ae331be09d46cd32b115e7ba3c0de`
CRC32	`F67483BA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f2bcc4dae13d0216_flashget max acceleration (experimental).exe
Filepath	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
Size	1.5MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`13ad5fc83aecad59c549e7743cb9d90b`
SHA1	`c366f5d1b0e1bb1e527f3e691537833378bf3ed2`
SHA256	`f2bcc4dae13d0216319f57e9f34cd6fb77b5d022dee8836b5c50c5eb00d55ba3`
CRC32	`C4B3FB4A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	46de88dfd71c2f78_pack 50 juegos ps2.exe
Filepath	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe
Size	1009.1KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d34ad9979bf5a1f9f16ecd53a7184166`
SHA1	`ffeb58a572d199179222ee6b1cc4dbe4588640ea`
SHA256	`46de88dfd71c2f78ba8180f740989fa91dbd9fd6df2bf304755745cabb204c2b`
CRC32	`C59ECF9F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1a4329c969d8bd92_winamp 5.0 (full version).exe
Filepath	C:\Windows\Intelx386\Winamp 5.0 (full version).exe
Size	4.1MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0ab0a917ea669717ecd7ea27516c62b8`
SHA1	`5004129e390a0a519fa27bdd1182e992797b4a41`
SHA256	`1a4329c969d8bd92b6de04095c5258a82c1f6c955d3c7f5149525fc31a772602`
CRC32	`C9A7BA9F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f45e530345c8a912_pack tonos y logos para nokia.exe
Filepath	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe
Size	2.4MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`964c0300fffc1692ed216dd3f30bafa0`
SHA1	`3308890103fd2a880fbe9bbe6f5a378f1fa6b4c5`
SHA256	`f45e530345c8a9124b7e8d861fe04e54feb2aaf3da4207854c1dbb858486e34d`
CRC32	`E970094D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1de6abd62e97cc4b_winamp 3.5 (full version).exe
Filepath	C:\Windows\Intelx386\Winamp 3.5 (full version).exe
Size	3.3MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0d672ab4d04ff9b96d528ea2c6fc3497`
SHA1	`607ccedc3674d9262ce2694797acaeb00eea3d3f`
SHA256	`1de6abd62e97cc4b023d1f94b6542d018495b7ed19100ed1ba24892b0d5b4f00`
CRC32	`5A759722`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	306cc163d213bcd9_contawin 2000 (full version).exe
Filepath	C:\Windows\Intelx386\ContaWin 2000 (full version).exe
Size	1.9MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1426ab2bf03deafdfb6fd65efdbb898c`
SHA1	`e56bfdf4cc22ee17d1fca7ad40c31dc84009286e`
SHA256	`306cc163d213bcd922922fae4ce799aca5eac16cb6df2ce7933bf598a7809133`
CRC32	`925B09DF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5a34f29be03f0c5b_silent hill.exe
Filepath	C:\Windows\Intelx386\Silent Hill.exe
Size	1011.1KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8ec2b7bc01fa2807bc9cb771eafe093b`
SHA1	`c2bf4ba0a04804bbadf79cdad13d2adf4b86309f`
SHA256	`5a34f29be03f0c5b4830528f37affe5d8af212ff5120ee7dced88a174aebb0a3`
CRC32	`199E833A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f95afe41e7f3281_hentai evangelion poker.exe
Filepath	C:\Windows\Intelx386\Hentai Evangelion Poker.exe
Size	1.2MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c1d9b1d84baa7b9752f2426ffde27557`
SHA1	`ef8d9a209cd8baf52a74d5c8459623262ac3663c`
SHA256	`2f95afe41e7f3281f7cdb1178a8cb5588e93a0930a75cdd955b062d603019861`
CRC32	`0039E0C9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8f91dd913595f9b1_nero 7.5.1.0 (cracked!).exe
Filepath	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe
Size	7.0MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c9cfc7e5a9372074ca0e0c8d546015ca`
SHA1	`57fb6f9968af9fe84f2352945ec6a9ef7345662b`
SHA256	`8f91dd913595f9b17bd76c4cb4146c7ae8e43e71353c2b9dc02b7912a4112ca9`
CRC32	`C495C1DD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1a239a6c95a31d35_dont touch.exe
Filepath	C:\Windows\Intelx386\Dont Touch.exe
Size	893.7KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9ea22f700f245a224b83b13f0e220d70`
SHA1	`32b0f202e8b128de5c5d9fa0348c460ad2723a62`
SHA256	`1a239a6c95a31d35870347e00bd79e02adaad84ba1937a6a203a1d1256a15ec7`
CRC32	`7DEEBB73`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fb9edeaa1b2110a3_visual studio (full).exe
Filepath	C:\Windows\Intelx386\Visual Studio (full).exe
Size	892.6KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`17154b736d1d3b51c0ecb2c0c1f77ce9`
SHA1	`676b9d98a4a5ed766ecb48d3f6c0189f80e8e1a5`
SHA256	`fb9edeaa1b2110a35b01bd97730ccf16e072c0241b32e21071c0929e9f239f94`
CRC32	`BD794F43`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c3cee62d8b4139cb_mazinkaiser pack fondos de escritorio.exe
Filepath	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe
Size	1.3MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b2e159db2250ab913c8b3f13315e250c`
SHA1	`344bf323ece5343ed13f7bfa572077c63eb87834`
SHA256	`c3cee62d8b4139cbd907cc1a6b11f3171781a1e67204a4af222dfcc3ac36047a`
CRC32	`B3C7760F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1b40a9285d8147c3_shinchan screen saver.scr
Filepath	C:\Windows\Intelx386\Shinchan screen saver.scr
Size	988.5KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`03b14d3507aa170ef443433c9cd9b389`
SHA1	`3de23e60314a3425a2bced026d7a100b5627ce8a`
SHA256	`1b40a9285d8147c3ea9fe710c0bb312945d98cdb024ce9838608749c9dbe3af3`
CRC32	`F984130A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ef8a4469e0115885_virtualdub 2.1.4.exe
Filepath	C:\Windows\Intelx386\VirtualDub 2.1.4.exe
Size	3.1MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`22e5ba31a19a197d13aea4cf9bd596b8`
SHA1	`67908454db06565e1bdd888e2b7a4952ee519e6c`
SHA256	`ef8a4469e0115885f6c76daddab61b81e5c12e18a6d25cccaf7d7bf9b1678486`
CRC32	`B84D5707`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	49a2065fee19a92c_download accelerator plus (dap) (full version with serial).exe
Filepath	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe
Size	2.0MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`08ca1d7a45fd5cc622b55151de42fcd7`
SHA1	`e24ff3cf2856c4acf37bb136da7a5ccd3f26cdb9`
SHA256	`49a2065fee19a92cf9363173f6abe769e5149ca3b1dc9f5f8a4d12532746da16`
CRC32	`8C1BA316`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c69fe922e3c9f34c_winrar v6.11 (with crack).exe
Filepath	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe
Size	3.2MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`19575248c93450e38e581a9405770bfd`
SHA1	`9a5366c6d894f78cdf3f690ad0ca7d5f6021775b`
SHA256	`c69fe922e3c9f34cb45520a624840e1d7dfc184017267ba778e2348268739c2b`
CRC32	`537E7935`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ca6f7218494b9c19_visual basic 6.exe
Filepath	C:\Windows\Intelx386\Visual Basic 6.exe
Size	890.7KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e7f47a4b7da67f7b3f3fc0586ca5e59c`
SHA1	`53cf1343b64127171aef6b15ee0c91338030cce7`
SHA256	`ca6f7218494b9c196ae73403f06f3f61a06d57375d7fc25b4a58fdec59808112`
CRC32	`71BDB0C1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d73664b4caab9fb9_rm2gba.exe
Filepath	C:\Windows\Intelx386\RM2GBA.exe
Size	890.7KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5e82956a84cb55cfdc48a5e82eff8fe6`
SHA1	`8162db4c9c02b31f99b754a226d14187ffa4a85f`
SHA256	`d73664b4caab9fb917d7209042f146103b4a1a80525d4914af4749a3c85340ef`
CRC32	`D0821589`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	53d769fac3fbe327_humor.exe
Filepath	C:\Windows\Intelx386\humor.exe
Size	903.4KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d413879e81daa38c3f61ca86e0edd0e3`
SHA1	`28550894c8822272017888bc93ae4c196d111735`
SHA256	`53d769fac3fbe327d80da0d95b6b23b7d6f3ed98bec873a7f74bfb6b4f8ee685`
CRC32	`AA6AF859`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b86164972fa2de51_chenoa en cueros.exe
Filepath	C:\Windows\Intelx386\Chenoa en cueros.exe
Size	892.8KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9f37ee4d29c0e2f03afe301657deec46`
SHA1	`199335c05075a2c3b34c4f78dc672b0aad8cabf9`
SHA256	`b86164972fa2de515f8e1eea34eb5224e16b684899f8324a9c2094c8fa713798`
CRC32	`927CD94E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ef1b8ca6cdea7ac1_winrar 4 (with crack).exe
Filepath	C:\Windows\Intelx386\WinRar 4 (with crack).exe
Size	3.1MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cd3b20cbf8a0c1a3b7cb931693313b39`
SHA1	`8f6aa21220593ce759a53855460c2dbe167abe3c`
SHA256	`ef1b8ca6cdea7ac13d57e3d0c956ccf0f44b7c5f5bfc3cc85a6bda792ee6f319`
CRC32	`32A7AA87`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c073b37011690fe0_update photoshop 7.0 to photoshop 9.16 (it磗 work!).exe
Filepath	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It磗 Work!).exe
Size	2.5MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f41bfd894e648bb8ce198c828ede24d2`
SHA1	`4946c127f872d8dd5ec93c44010b05eef143b170`
SHA256	`c073b37011690fe0782b8568abadefb6eaaf239e8f7572dd0685f96487b7fd41`
CRC32	`2461010E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	53f2440e98127f30_follada brutal co駉 roto.exe
Filepath	C:\Windows\Intelx386\Follada brutal co駉 roto.exe
Size	4.2MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fbf3a3607b2d9992fe361b78b99a40b3`
SHA1	`a4a4dbfe75f137740052d5492e0e687f66969c6b`
SHA256	`53f2440e98127f30d87a3c6ee0012e4a38edf75872d27be0c0016d5ec5aa0c2c`
CRC32	`ACE9AFA5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2ccc0cedb1fbea8b_puta come mierda.exe
Filepath	C:\Windows\Intelx386\Puta come mierda.exe
Size	893.5KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a7edc517fb573453f858c4ebfe936381`
SHA1	`508dd0218b0c4ddc319f20098e5b57b231f59bed`
SHA256	`2ccc0cedb1fbea8b50359c955e034546e43526f404bb660dab4fa10ed8156722`
CRC32	`E554992E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2a91d59abe0ebf13_solo para maricas.exe
Filepath	C:\Windows\Intelx386\Solo para Maricas.exe
Size	914.7KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4215952ecd8f39e79af0aca9b038c710`
SHA1	`78b8d97d81453f8cd33dc0759ada69fa34175f46`
SHA256	`2a91d59abe0ebf13ac38d33aaef5b9e6ffb3c6eec1ed08b8d25deb125b53928b`
CRC32	`1AC5FA59`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e7844f2d01323da3_3d studio r8 (it's work!!).exe
Filepath	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe
Size	9.6MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`556e923db59ef0147976fad498f38653`
SHA1	`c5779f81a0d5caaad1a732e7658cf94c47d629df`
SHA256	`e7844f2d01323da3b5575e21497e92f8bcbf413d78f98ba776a87f9f88361807`
CRC32	`155FBC92`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ca4198c5287cafc3_msn messenger 6.3.exe
Filepath	C:\Windows\Intelx386\MSN messenger 6.3.exe
Size	2.7MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4eed3b54ab2763d170cc63b6313fae53`
SHA1	`5b1a3837988d5748991b6dc841857aa4f15f24f0`
SHA256	`ca4198c5287cafc3d1f5448c041f80ac79eae981a0d987f886a52c6de5b9f4b9`
CRC32	`AE22A032`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23e9adad2e47ad88_divx 7.2 freeware.exe
Filepath	C:\Windows\Intelx386\DivX 7.2 freeware.exe
Size	1.8MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d2f93c64a78f2db2973cb57f8187a14d`
SHA1	`7e95f3b0a4042690be648473ab8aa56df7c44873`
SHA256	`23e9adad2e47ad88aedb0fe2508a6eaff66dc02d31804423f29ea7ee5d0a9f8b`
CRC32	`3A421AEE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7085abdefa3bab04_pack 25 juegos gamecube.exe
Filepath	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe
Size	1012.8KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2dd194f21f40d170213a536a3376c957`
SHA1	`2bb6635b5daa0cff3db4bc1c7d6d17bfc4e4b5ff`
SHA256	`7085abdefa3bab04bdc0e8ca0d4d54ad0274f9efb0ec7bef540ad07c32685909`
CRC32	`21B96E5B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	67b00bfb175e23a9_3d movie maker.exe
Filepath	C:\Windows\Intelx386\3D Movie Maker.exe
Size	979.9KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4e0227e505c5d7793b883d82c27e3002`
SHA1	`5fe85e9bca7ad7f18d330939c145e568548851c5`
SHA256	`67b00bfb175e23a9dc0c6468abbe770896e7316ae1b8275a381240a297076207`
CRC32	`D8200933`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fa3a850a00dcc141_pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas co駉s mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe
Filepath	C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas co駉s mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe
Size	13.1MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`83681bfc81d7380d742981499f05a938`
SHA1	`81187f8ba2b4788d62b077ceb013f9b29c989247`
SHA256	`fa3a850a00dcc14174643cdab3ba5093ad48bc76af8e069ccf952db16c15779b`
CRC32	`F43EA4D1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	052af5b2234af0bc_lolita pack 20 pics.exe
Filepath	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe
Size	892.5KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f942fe8a3a408beb605060026fe3202f`
SHA1	`e989ddb22d561cfa1fa9b3943f826c70803d5208`
SHA256	`052af5b2234af0bc46b7a0f06f167fac73e8e2061f933ed550bc1f58c753c8c0`
CRC32	`AA0C697D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f2675a6d3d9a227c_simpsons pack guiones (temporada 2004).exe
Filepath	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe
Size	1.4MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8c33d8dfb1edf8373532720ccb4ec4c1`
SHA1	`3e145cc45881746f5d9d990bfd13a46750c77ffe`
SHA256	`f2675a6d3d9a227c1dcbc15367f2f0498cf98bdb393a161a0665106e6ca68565`
CRC32	`A66CE353`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e88f279b8b573004_mugen (full).exe
Filepath	C:\Windows\Intelx386\mugen (full).exe
Size	892.5KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b0674638b8c6363bc321f5b951ebd219`
SHA1	`454bb0857b8fec44d46dab02c6fbbdc6ecdb0890`
SHA256	`e88f279b8b573004d16889d6698a22fb777d89a3efbf142936664c498a1939a1`
CRC32	`26BABEA3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37a38dd7ea7b5435_winace 3.85 (with serial).exe
Filepath	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe
Size	4.5MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e6776bfe03cb51144a50e65d9219e19e`
SHA1	`6fed9ba4b8b749211a186cc637628d1734962f81`
SHA256	`37a38dd7ea7b5435e4497f9835d4acc0ee90fddcce5dc863721258b8146152a0`
CRC32	`2FF4F8E6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c70a02eae3b7189f_dont download.exe
Filepath	C:\Windows\Intelx386\Dont Download.exe
Size	898.9KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6ce6bde42e9c4efd08d2132120ddbf69`
SHA1	`36d1c4dda571dda2486919513c5e2f12bfb0e745`
SHA256	`c70a02eae3b7189f81b1e1d170eacf8c009ddb6e131caf8b5fdec2d1c625eca5`
CRC32	`90C943C6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	62355bbfe6f39098_gbaemu.exe
Filepath	C:\Windows\Intelx386\GBAEmu.exe
Size	991.2KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e94a0f27479704a5394b8dde0a70e171`
SHA1	`f59525eb819a06a630c1aaa8cf52ee1a97b496af`
SHA256	`62355bbfe6f390981ad9a000a91534506a3d6e4bf5bb8de82df10cabab6b7335`
CRC32	`7B791AB2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	826bb42f95aa0db5_gamecube emulator.exe
Filepath	C:\Windows\Intelx386\GameCube Emulator.exe
Size	903.7KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a197e8e631f0d1a353c503f9e4511918`
SHA1	`a36bc0709678757bb64edf7d652a69bbff6bb6d5`
SHA256	`826bb42f95aa0db534e8a2424cd2edf9f05f8249ce4557daa31020154be5e2c3`
CRC32	`BAE79AB9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dda0224761b65704_german extreme violation.mpg.exe
Filepath	C:\Windows\Intelx386\German extreme violation.mpg.exe
Size	910.3KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c0968545a4fccb1b0107edc4d80f1af3`
SHA1	`e247181afcca8f0dbe2617a379db5c777627f984`
SHA256	`dda0224761b65704ce5e2352866383f1a3652b61e791bbe0468da308939195e9`
CRC32	`4F96F357`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5440120bd4666d39_visual c.exe
Filepath	C:\Windows\Intelx386\Visual C.exe
Size	900.3KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`703ff6b26a235d120c2d73e191c24957`
SHA1	`cdb0bb970817f3b530aaf4b0ea14f3b439f663e2`
SHA256	`5440120bd4666d39fa3231730fddf94142a1dbb11dfe5a28b39acd531193ba8c`
CRC32	`2DC6D5FA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ccdff84880bdaffa_capitulos ineditos de dragonball z jamas emitidos.exe
Filepath	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe
Size	5.8MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0b9d70231fb0156555e00f9be61d0d11`
SHA1	`fa3d57d825b02bba0e8367fe2649a263cb7ed671`
SHA256	`ccdff84880bdaffa6b0f9d71a523b7d21d36c8e3602fb2c11d4e7edda0eafd92`
CRC32	`69AAF1D1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	836f80926baf4eeb_hentai shizuka clit.exe
Filepath	C:\Windows\Intelx386\Hentai Shizuka clit.exe
Size	1.2MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6b58c0b13724e30365a30bcabfc9ebac`
SHA1	`4b1570effd9da0713c5aa6adc3cefdcdc5a2d1dc`
SHA256	`836f80926baf4eebcadde91ff4d35ef326947f2f199d9fadb131e9ba29a0ba03`
CRC32	`B79AE9F1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	347cec2f74ef42e4_update photoshop 8.0 to photoshop 9.5 (it磗 work!).exe
Filepath	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It磗 Work!).exe
Size	2.6MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c4766ed622ccea9c20bfde4427b5a18f`
SHA1	`3313f09b8f2dd90b2550820da0aa2cb79a207429`
SHA256	`347cec2f74ef42e4a3e6fdcf64a1f50c56a366081e7a79cc84d45eb5d28e0cab`
CRC32	`5E518D17`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0d212e226a4f9fc8_vmintel386.exe
Filepath	C:\Windows\Intelx386\VMIntel386.exe
Size	879.6KB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b8ca481f7df2ab577a18b17fa88a3485`
SHA1	`e4de7426fb4e0ec8371a36e30c31418875806cf4`
SHA256	`0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402`
CRC32	`A2616ECD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	952bc11b207787be_pedofilia pack 37 pics.exe
Filepath	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe
Size	1.8MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`aa8ef1d870ad63bad075a36f5cef93ef`
SHA1	`4852a7a52c0ef2d2ff8318f842c14b9bf4b104f3`
SHA256	`952bc11b207787be8d147486621925da0e8d5e2b5d2d38c13aec6b8fe79f1fcf`
CRC32	`E3AACF71`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d0d2941b15e0c1ea_mazinkaiser comics pack.exe
Filepath	C:\Windows\Intelx386\Mazinkaiser comics pack.exe
Size	1.2MB
Processes	1784 (0d212e226a4f9fc898cc2a0e4e3638ec7afb86120f890f5f6c1bf5b5f32c7402.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a0f5921d69ec28986e787266e78342c8`
SHA1	`faedeb3c3dbdcc4434ea7de52495303cec2370f2`
SHA256	`d0d2941b15e0c1eab93b1e6a2b3f31e0c2fa3ddbf1b9b9c7b37e1850b69f3c6c`
CRC32	`208DA6C0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.

ALYac	Trojan.GenericKD.32239357
APEX	Malicious
AVG	Win32:SillyP2P-X [Wrm]
Acronis	suspicious
Ad-Aware	Trojan.GenericKD.32239357
AhnLab-V3	Worm/Win32.RL_Small.R284018
Antiy-AVL	Worm/Win32.Agent.a
Arcabit	Trojan.Generic.D1EBEEFD
Avast	Win32:SillyP2P-X [Wrm]
Avira	TR/Dropper.Gen
BitDefender	Trojan.GenericKD.32239357
Bkav	W32.AIDetectVM.malware
CAT-QuickHeal	Trojan.Mauvaise.SL1
CMC	P2P-Worm.Win32.Small!O
ClamAV	Win.Worm.Sillyp2p-7194313-0
Comodo	Worm.Win32.Agent.NIQ@8hjo1v
CrowdStrike	win/malicious_confidence_80% (D)
Cybereason	malicious.f7df2a
Cylance	Unsafe
Cyren	W32/P2P_Worm.NXSZ-6858
DrWeb	Win32.HLLW.Xiquit
ESET-NOD32	a variant of Win32/Agent.NIQ
Emsisoft	Trojan.GenericKD.32239357 (B)
Endgame	malicious (high confidence)
F-Prot	W32/SillyP2P.AP
F-Secure	Trojan.TR/Dropper.Gen
FireEye	Generic.mg.b8ca481f7df2ab57
Fortinet	W32/Agent.NIQ!worm
GData	Trojan.GenericKD.32239357
Ikarus	P2P-Worm.Win32.Small.p
Jiangmin	Worm.Small.q
K7AntiVirus	EmailWorm ( 0055a1d81 )
K7GW	EmailWorm ( 0055a1d81 )
Kaspersky	P2P-Worm.Win32.Small.p
MAX	malware (ai score=85)
Malwarebytes	Worm.Small
MaxSecure	Trojan.Malware.121218.susgen
McAfee	W32/Xiquitir.ow!p2p
McAfee-GW-Edition	BehavesLike.Win32.Xiquitir.cz
MicroWorld-eScan	Trojan.GenericKD.32239357
Microsoft	Worm:Win32/Small.P
NANO-Antivirus	Trojan.Win32.Small.fsvyjs
Panda	W32/Xiquitir.A.worm
Qihoo-360	Worm.Win32.Small.B
Rising	Worm.Agent!1.9D8A (RDMK:cmRtazp+/ejsLOSxcdAgpMESuRGj)
Sangfor	Malware
SentinelOne	DFI - Suspicious PE
Sophos	Troj/Agent-BCMZ
TACHYON	Worm/W32.SillyP2P.Zen
Tencent	Malware.Win32.Gencirc.10b5830a

file	C:\Windows\Intelx386\Puta come mierda.exe
file	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe
file	C:\Windows\Intelx386\German extreme violation.mpg.exe
file	C:\Windows\Intelx386\Hacha Profesional Edition.exe
file	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe
file	C:\Windows\Intelx386\Silent Hill.exe
file	C:\Windows\Intelx386\Dont Touch.exe
file	C:\Windows\Intelx386\MSN messenger 6.3.exe
file	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe
file	C:\Windows\Intelx386\RM2GBA.exe
file	C:\Windows\Intelx386\Sexo con una menor.exe
file	C:\Windows\Intelx386\a pelo.exe
file	C:\Windows\Intelx386\GameCube Emulator.exe
file	C:\Windows\Intelx386\BsPlayer v3.exe
file	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe
file	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe
file	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe
file	C:\Windows\Intelx386\ContaWin 2000 (full version).exe
file	C:\Windows\Intelx386\Solo para Maricas.exe
file	C:\Windows\Intelx386\Chenoa en cueros.exe
file	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe
file	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe
file	C:\Windows\Intelx386\Hentai.exe
file	C:\Windows\Intelx386\Winamp 5.0 (full version).exe
file	C:\Windows\Intelx386\Visual C.exe
file	C:\Windows\Intelx386\Fuck my fat ass.avi.exe
file	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe
file	C:\Windows\Intelx386\Visual Studio (full).exe
file	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe
file	C:\Windows\Intelx386\Hentai Shizuka clit.exe
file	C:\Windows\Intelx386\Winamp 3 (full version).exe
file	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe
file	C:\Windows\Intelx386\No lo Descargues.exe
file	C:\Windows\Intelx386\GBAEmu.exe
file	C:\Windows\Intelx386\Winamp 3.5 (full version).exe
file	C:\Windows\Intelx386\Follada brutal co駉 roto.exe
file	C:\Windows\Intelx386\Matrix Wallpapers.exe
file	C:\Windows\Intelx386\Shinchan screen saver.scr
file	C:\Windows\Intelx386\mugen (full).exe
file	C:\Windows\Intelx386\Dont Download.exe
file	C:\Windows\Intelx386\Resident Evil for GameCube.exe
file	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe
file	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe
file	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe
file	C:\Windows\Intelx386\VMIntel386.exe
file	C:\Windows\Intelx386\RealOne Player (Full version).exe
file	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It磗 Work!).exe
file	C:\Windows\Intelx386\WinRar 4 (with crack).exe
file	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe
file	C:\Windows\Intelx386\Mazinkaiser comics pack.exe