SmartHawk

1.8

低危

67 个模型检测该样本为恶意！

重新分析

下载样本

09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53

09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe

分析耗时

272s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.07s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.81	Unknown	0.31s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Worm:Win32/Picsys.367	20190527	0.3.0.5
Avast	Win32:Picsys-C@UPX [Wrm]	20240403	23.9.8494.0
Baidu	Win32.Worm.Picsys.a	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (W)	20231026	1.0
Kingsoft	malware.kb.b.793	20230906	None
McAfee	W32/Picsys.worm.c	20240402	6.0.6.653
Tencent	Worm.Win32.Picsys.a	20240403	1.0.0.1

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

1992-06-20 06:22:17

PE Imphash

359d89624a26d1e756c3e9d6782d6eb0

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
UPX0	0x00001000	0x00056000	0x00000000	0.0
UPX1	0x00057000	0x0000f000	0x0000ec00	7.9075039579713575
.rsrc	0x00066000	0x00001000	0x00000400	2.791128521214198

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_STRING	0x00051958	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00051958	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00051958	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00051958	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00051958	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_RCDATA	0x00063808	0x00000050	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_RCDATA	0x00063808	0x00000050	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_RCDATA	0x00063808	0x00000050	LANG_NEUTRAL	SUBLANG_NEUTRAL	None

Imports

Library KERNEL32.DLL:

• 0x466254 LoadLibraryA

• 0x466258 GetProcAddress

• 0x46625c ExitProcess

Library advapi32.dll:

• 0x466264 RegOpenKeyA

Library oleaut32.dll:

• 0x46626c SysFreeString

Library user32.dll:

• 0x466274 CharNextA

L!This program must be run under Win32
StringX
TObject%HD
dA0,(dA
rrTlr'hd
4Z]_Zts^2O
;aV{;t#
+WSXc;
t:s+An#4
y]Kni3;
 vtPFHFML>5
+[:>GU
<HEx` 8S(@NC&
d2d"h'5
}7&-]S%
c3GJ/xr
%|JW6XJl7
+]rgbU
c;7~7+
M]H`T.
{ ,!tyT2
lDrp 
+v6aH;=
pu,zPU`<
"]i]L-c}
zovj|Sg
9,vH.u!
?W[a,DE}
3YAt0t
WT:02[?
o!t1|9
< v/;"
8+;"up[a
w`-dAKg)0
<_EP3Gk<f
_k/Nmu
;Y&jV@
r4ELg`Zu{^\H
'vw6#|@!
W`R ZHQ69sk
&wc]ThhX+jd<gd[
4C=Br/
G8^7GK6
 t>-tb
+t_$+xtZXtU0'>
DFw){-i}
~ExC[)A ;
*tAvar L0
Y12[g6
[1OH}DD
 @C#m#
4.7@v:k
&DK_n2xHW
@aQYR@
b@"E@|oe@p+
BkU'9p|B0<RBM~QC/j\
Cv)/&D
dEJzEb
9;5Sc=];Z T7aZ%]g']
R`%uYnb
_PS5[ !A
AW{4h:Am\M
>Uhi20d E
C5@2dY
TOfpvT+
lOFTWARE\Borland\Delp~\RTL[
FPUMaValue6-9
9jK8Qb
uoVt6Vv<q!_~E!
fiYRjZjX)@tG
f}P6X^^
a;%~R5|
5l[%,y
#"4?P]Xp
RZ.;;
v).w U5
X;4zd,Y
l]u(h64R
(.u*5RNc
9Zd$,_
t=-oo."
/'=t&,*
?tq1(5
Q4pZ1P0,
Rn|t1S}h
5]_4V|K0nx]
f*+8:V
[$4V@Oa^
|BX"S-
\mBp-xX
~~:)~$Pt
!(Y6J4
}(VE<p#g{
JZ1!R:
Z).Cum/-Rf;0 
Dk9:;//*
?OPyEV
oOEpq P7
JZXA$C
8t2SCn6,#
&I:H@W[yB0tX-o
lo}<v<
v,`[2B
>:2ld4Uf
*[1C9w
,K3A{JI'
{-Qu+P8V
m6.h{u
E)[Es$6C.
e`;>UF
cLtu*f
PV2e6{
+HP)^@_(.
?@Y6@pVY&
\kernel32.dllWGetLongPathNameA
l";H+bQaG;`g+J
jV4jxtd
5zjQof1
twareQcalesA+s
gml1h(
;Ufk#Z
V.*hGp-`dPDm
S0.J4?
m\b&d?,\
+KM<K MW <
3AP$#y HP$
Exceptim
gTPB$qEHeapZ
EOutOfMem%CyKvIX
EIn]Err[
t\ CBpWpBQ
EDivByZeroB Range#
6rInverflow4Tc
B cYe<UW<U6Xk`k
({UXW#^
_-M?PoinHV[
[Casto[$C
EC%i@^d<
EAcssVla"+`W`W.x
oStack
XolBtjlCklW
Fand(Y_+
fd(9;8[
D oSafecal
SysU"ls
$OZ,b3t
Bo3j3Ef
wV_$+X#
U?~(\>
_[KHWV
AlPO!>P[^_3
/0o/t!F<U
'lJ4<
Sp]64D
<%6Ju+E]}Q
}(_BMpZYN~vMD<*t"<0r9w9i
Xkot|'
9`]6Mi`
,FcW0vQp
?uvWr:
fVO_P+;"
NtyM=o0_
=t~U}&
%&;|C0
F8}l`},
9uX^`=
M/c/).
DU.U7}n-]cg:s
Ic\@}B-ol
5-\zINFN
o)E]UJ
*Y/aHCTIt
m%ZT[YC
*$u_{(
Dw<D*Lm
|)A->
d69>{U3Q
c(o`CDHX`Ye,U"XG8C
|@`K1Y
_%9zp$$
'=XejK
6bAYwv
P!/>%A
Lp_5VR
|p/p;~^,Hm\
+2]&\m
CYGl!T{n{n/
a\=T8^
OY|jEal
L$H3X|
PPX;<=<o5
UD%tQ_
Fr,Z;&Z
Hk+F-97
aLGfLts_D[W
|Xs0fr
d1YSU 
<HtHU3t7G5(
*LFO-Q
zVc0xZC
snuH>^
zH3j)SS
B|o3vF
$$Rp-Z
sxur\8Z4
=7;S4p
%MFWhaJf%<`]
PaBLN(NhN|
'"g_"3
hL^;41
o0}Wn9
6+Hu.jJL{
.?~iX 
 221`st
<?(.@3
dmH>#AK
pKhoNe#
+DiskFreeSpaceExAxT
p|4M5t
lxd4]$\
0TM5]L
<4M44,T$4MD
Ml4M5@l|
;xffXVi
b|An/xtt
,f{Ap#
lfn h/Hd
RJHfwdod
!G>30YS
L2D@84
s@x*`dd
 on cu
/\(somyrape).mpg.exe
{ear-ld webc
"tpifOSlay stl
 emuo1c
_X pro }/ger{("K
f]oepoJ
nk@"JpUnZR
&inYF''jje- x
} nurSVc}
3noth b-
us vic"f
^/d 6}3!'.nikki]ovaD"` huHD
kMjob6o
K1Sutr
pk6KY3BV MZCZ1WW+I@
[`eAbB
[kYop*cbbyk
i3uckfk*ZL 
2F3 gMh]Uwx
vtuamcB
L@.6o(
13)#OLn/*MSN
-Z;wNd
w0`#-_m^
r7&v3lg iF0:
h4wKUffNwq
-%up>?
([Website2LM:fA
`1wtu~Uf
;u!<guy
BTY[sD
CD KC_+GICQ[HF
TA 3bvk8Gr"=fau^:
$D1C9j5p
a3Gm]Le
C()rN1y
V/M4vmt\
;gMdG;
9;pan?u
Dbt6A.
7!e"7d
g(zip/aim-H
gW@hAIM
01FZodC
5 tA %
/6kHsib 6d/g
sKQxdIPUn,`
?]X3w20
aHbu2N/.csCl
x)?CaG$a.[f?
 R/7$CaBs
M?$c%4
REEYl2%aaZ/%l?!b+
)w2s_a
77eaNp",
1J!+C)|1?6
(V=m!6)W)ZW9i2
!P+Rn0:*
Og2`@%cA{h_Bo\0,3f
Uh`'sB02dQ@t
:nP8rf
6]c2d*Mbn
-dr&mz#
;m1G3m/=
Ln=l-ero
t#5:T+[sV1bqslu\h
weehay8`aMh&FtkU^5
!C.os^b!
]5gg'5bmX
6gq8qpkn-,
~xXq8EW8eeGL?j-
wYp-cLpl
Yk7w-MjsR#
>G+Ehq-pp@.Zpsy
c`lho|ipmCeB
oG9|eA&L1pGe
$Fr'4p43d;p_6
a7alp D
fxSo6ky-3fMpE
rbl1|;a
K.9=tZsguPxpV
utE0jH
L];P!xua
C6o7#mj-mR
pyhn@eHiiaAsDz&-t
B0wN0&
kyxZCz
s4po=0
j2+`hhsW/
Ecu`4`ndr!
Gs6H,Od\!%
a7"h(9x0;1.q"`YnJ(
i0enb+KI
iBcC\Spr
F$,;`>$4p3J0m"t?0hy
Ff2-a+
mroxwx!
; etJHH/0`'kiE
V /A$`v.x0tu}!
<pb31
+xb$l33W L!
`y>M-!
uec=pPt!zEac4C"Ex
85r[BIzRr
\,fadra0Bk
C#!;ph.
uAzjdo7sef1
!eIW7om=
8>H?`V
u1@$n*p`cV%6{ !aJb
%![pM:c
)$`by^
C1HOyz
hgL66u!`z
9]D56$
*MR-acya Vc
L_Tsa-#d-;N*
u3`5mKa
bnkqh`
C4wc;-+zyhH4E'
a\H9:d(b{2
79RUlley
:Hqx%W{
^djNtB]
g:f]mz
 r$fbq-0bu
5P8=l8Dn/
^7_\C"
0z<}G5!Nd{/zBY!hcz=0,
,ChJvjpb,`
cZjIpl2S%
%cd80k
X$4d3*CiY
>WQ)+-X
r2y.7'6a
)d\ajh
|pdwg&,B(
tvaa7Y2
"_[1n|2,
u%T%_dX`6-XU
, C]"Bi
shZJ:T
FssNaC^
N$q-JX
lLX7iGQx
3%K+U<^
sZ`'98G
svw.7bIIp-iv
&-eRBPj4HD+zp{t)Ih
{BdK`50ae3
!7kA|+s
#x9seEbRy
#%5kyGe/!%c)+)WHpE\
SJY^Jjqj
LZRVbw
YWT=yJx
K[C@.~_KD
35i*VFmyS
0+tMICp'
1{YK]R
)pJ2y+5%L
\BMw,ew
Rk,@W}e
2Jt..[
%ef)aR/!
-O.&Dc
kso58Pt
J5glv>B
@O~Pe'
^!(^dcF
ov(+9ZKq X'qu,
nBb&+`D
%5mH&Ly!x)#CWu(2,
X`Pyi 
!s[YA
#Ha\(%kh`,*$gRSj*L
YAasMg\;otAk
`YS9%M(
rH+(p ,
cBIF;%`N[#&
2/+i& ja
x37a2An
xw=lgos!o
;0I6VF^5X(K$
cqB,<jteQ
,'+,&2temdU
~D+!&%C
p`!cFS
lb;L)h
WUck_ y]Fup
wZlspH_f>
fmQa3<
 %DkxL
*t"Y>0$y
|r-`F$\z
(aa 3oB#+[^K
.!+2M 2
8iHCk1
7E!HHEg2
Nji?%+\2&
0B5XRgw
!_"-2g46H
X8f Vs
DNsG!N1
+#E|HID
j!w}]
r[h/J 
026fdyu
rd,ika`
H-$NS;
FzV.I8
tQbITj
BW#f`*<s9S
zD7x4j
6UGnjK(GL
xcfe U/a@$
k;\Z\CrVDap
:8+S9!c
^7)9{X
lhWH~<
<A{2wg
0,%d6}r$
ZEzGlq(
TwB.Ah
AP~Setup8, %
Kazaa  
j45:3r98
6789ABCDEF
$,4ii<DLT\idlt|iiiMl
rr<UHV 'O
pRYMg|
i(Di:i
8Xp4M@
 iiD`xi
$d,0tntn
6M,<|,,Yl8xie
iM(XM,4`
ef TMtO
h6M6$;
iDt O,
0\l T4M '
0g?NwMGIt
{/;MAv
LNN4947{3
<3kM{!
&T?,[N
uF-i/a
tq7Lwd
afolg!
fJOn+a[\iF
l,}utt
Ax`i9nl3cfhi
Euesup
o?/}/e
}k-a6=Cem
Xl7o%)
b<FrE
cysGv}l)
doi.}p
t1$Jx8M09
%"uh{tP
mWQbwpz
) s-CR
w=IayIg
SooSyen-
ad+i5D%
nq7`<Ycp+
7program Lbe run/
?Win32
$7CPEL
7ilt(i
6C/ODE
h'BSSvdy
j.idat>
'l@tls5
@Peloc
x'0=sr&'
dA@<8dA
!@ ?U5@ ?
lC v8SbS$Bc
_%?q;k
N  \Tc
  Lxc9 
O c/yP
DWs`C0&r
>9cf0!Ga
`y%A@c
@8c1y#
'Ac(I
rA$$A@:J> chv
dJc_2$
`Ghx1QA[
WaSWK7
()At)$)>|(
3I5c$*,
| i|d"X[J>r;p
?;stv)P##J
CDU]wc
#>@Xs@-$)>Qrb
@@7\ g
0r 900&+wZ2
'H91OX
@^5-@fWF
6($_P'v
L8l$(,
@N$W ' 
@[,5O>
@41[N>$v
#G@O;!
9|{nu"
~!_~u_IYJ/$6
9himkWw
Hw;1$?_B
]g[>@1S
V8>OW4
#HOU*p
:,TqBI\
B_l@ts@$#
@ydo^
@+nGV~o
2 TPL2 HD@ 
20,(Id$3i
QWi $SQRXNr0Jc
2xtplr hE\
6AC *0[{
@H8Ev
/yIEGHa 
G8}WK3$
N4V*KqbErMg
vMcHi&#
! RL3
&Iw2R!r
Mw'tO.
?8!ZF 
 gV,XP
F)=pzP
@b(s76f
b_%P)D
(h;gq#'Pa
Pe%*p@x
9 fRB-)FW!9
1YhHY*
@HtJU'|/\
=PIj2-#
@8UpZj@UV{N
RG#C22!7p 
fAC[h<>e
v: 1.31
Se0}rpath
OS type
 directRy
dos*Ox
%urtim:
Driv-`a
 [  (Siz^
82-*|#
JV;oXPmou
od.]s:S
3^Z$\'
k8'fFg
.<'$si<
5+jglfG
-#.EfzkEj,\f
>tV<<Q
C{rh`R
uc$h<9
GET /cgi-b/w.
d@&?AB
F HTTP/
%4SHost*_
s-Agen
(nx/7.5
aSm}{0
:&<e9)hpdG
P{bz883
b)r5(eS
g-\V0u
"<*D5G
)h+N<h
=l9'ThS]
fc90h\T
GV_J]BN][
l)!Ia;pXq9
yh>su(`qk
='%H@V#K
"ht2SL
m{Pk<p6
W3A@&i
wNK2PW}#
f>9Y>O8
HtTcc.
Z0^NR;
A7OMl
=,&VSR
'dvKERNEL
DLLReg&:D
icePro
RC0xFF0BH`
7\mZexc'krn
lf|H!i
*8HiTbx,i
4M".J\lM4Mx
v4M4tn
"8M4MJ^n~0M4u'MW
Rdvn4Ml
YcalSu
G*'kThH$Id
6A-S[pj?{foA
9'L/XP*OG
_Lin:L
E{a3Ex
E-Of<Afxvtl@wi
dHk[GL{
u35w-|Keybo
d9Mage
[Box9r2xt
e7hJpi9GQuJybE,
o{aut?Fvg1STls8[
ofsourc
2$4NpH{
{@E9opy
47Trsl
UacYZ
tE0ar Isb
>WSACn
AsyncS
c2CCv|4n
r7v1oh
JbiIwI;YhS
{![/G_K
KANS
-b -%o!T/i
olPu=7RichI
'Td`^-
|v<Wn@(
{d@.&%|
3*oLUN&9}
jn4xP39U
}$0/tPA%
BP;-|WE
U"YR[7C
nwY~^3
8@b(II
N,RF0+
c0^zW/
^1^,2p
XSv,WMFTq
|GtKxj
Yt;3w,39YFj
syBUCW3.
Ni|M@6S
kaVh-p4
n<Nj,(9j 
y[p].W]c
7'j/z7wuona
UmP8=?Emh#
U9eZnJ
YfhX/fm
UM|[yFY;)m
^E/LD&
lpJ}LR
bGewD@3p$DGD
 p%}]hP
P4#i:k4
g7/Zp~
uHU$(?S
l5E\|$
Y^(2;J
a%KkL1$
6nap[dY;
F[(Di5
`FA0=j
VCEtn^
3j>=B0pa
sr-^Tt
#JQm:>_s
@K"ZF=
eWSn$:
HB3 u4_v
r)$h#_
ug#F!G?Mu
D<4_4,$
NaoXOVKw
(<%0[s
B7bVEd
8t68t't
FRlGA&#p
ngniMv
k/4TXi
kl_<hhh
a[5"s^h 
C|GWh(
jhGL<Pu
ifUcQ6@
CH;rWu
 p7SUH6(
/V[X pe
sN)0)Qw
^;^}%95AFzL~
QWy+AD
GEA7 VQB
Mxvk-j
FQy?m5F, ZH 
(KLT^t
jWfdb{od%
U6?2pJzO
FtdPXqKP
{x`,!>\8@f
v[,V-qv
"nKSd+!
@/$Y%U@r
x,lePp[
X5x [ss
WY_6]l{`W
P,=K-QA
u+u!9$
@>;vbn
!mLRIrJ
{&(,QC2
[(4d(+BK,
e~< ~
x[i[.|s
uYn$s{
J-]:D7
t)f?\XMv
fj d_[
HN$a }+
hA[bfj
E0\3K@d4xt*A
WZKC|N$
(Bw<GwHn ^
V,v7Vo{
F_&{[J
zP`NCu
LJOI;\[
NY'>__;SL>!\
NKYKA&YYY\
)YK6\3
!OGZs9
u{X,jKYKK<L\
4,a9<$<
YKe6p7WlI2Pntl
(08@r|DdP=
FuoWWGShH0
4</ s.u$
R8gtfa
}s{tVdgtvu
AFJ"gB^iI
6Ff@$`
WtgB>+s
aneWP32
 U-En:
0W*lG$H
t-[pTyHHt
,*uD,P#X-R
4a.|GG'w
%':0G3
7lo@@!
lK<2^)
"g:`v*G
t3V`$,Bt
^lk$ Y]
-:)GQ_aWC
#5]'<+/@
|kXRPW)
oWp9g~
'A^'Mf.B%
\5m]Y+jQR
fE-N~!
.> -bA
00ww:;
FKd9#=
~X>uFX^=
9N=>=C~
`,92n
@~DUtJA0hy,"]S[A6
pPjh|J5,
.$t(4v.
hcF5ZER'
YVC20XC0
ek>!s{
ltEVUk
]^ZroA
3x<%!F
`=A8t
b[I"UU
7UuDhG
Y/'$PV5
@"t)h%
k-PH+Jf(
"\J3@,
@X@P{!0
zpI!-?p&33u
4;2l]#
VS's#Lt<%J`Ht
Bn+@jfS
dgh<94
|9=g}VL
^F?kC;|`#
@*whqu!h2
 'hl,[&k0
V@VU];,
XCd$z2
hVtc<Q
fXy3[JV
2)_{u-
/Opd [3A::
_uu{Uc0
WQOS}vM&QM[i
:Gt~I:[
BCYP)C8-[jZm
8Lf@8pyYs
+;as)[-
)v-+I|
mU5YAFI
6,663i
)=sQV|
c Ap,|
"2 CQI3$W*
V+rKbq~X
NL`%3o*nP-;n_
n3XW2H
tt0B=td
b1Vw!@%d
@V|yaOR
c}e}5Pv_;P
 |7SWUU
BuMPBBBY_[j
3'z]=\
)ttwsc
;Y5.'G8t,A<
vWNAZ '&
.EK997t2
V2y{i{It
~]VGk<E(u
 #o@>@<FT-
<Z)?Eu7f
oQn53TG
nJF;s|,"9
?-h@rf
|0t$j6
d^jIS\
:==6V,
x @L4MXlM4M
*8FTiib~,
,M4MBRb~uM4
(6HTfilx{
 (8PXu
)(null
CTLOSS
SING_~@
R60pE28
R-pSf7'7U[e
lowi8e 07
S6std55
A<pdvbA3c#
(_nS4_*ex\/Xv^
W#70$mt
@n!rm{t
Q.+8<Sargu(s_02EAfnu`O:
ADembm=
gneAil'
g_WSKG{{C7yC?;3{n#
C;7{/'#
TSOCK}
CT!trl
z%2@aSjPa{;be
gZlK-zxf
W.e;/ToMBy
NHTO5R
7aP9|IP
f[Buff
d^yh H "E
/html9
^,>:</
#hCm>Tnns`
'%s'1.#r.(
404 Nkh-s
a[9n?A
7200k\o@_bMX
>I /2..2;4h
pOBfTp:tps:Z
lW_Y{l
8(;C6P
"@Kj@D:
^__j2J91~@4r
0,4M($ 
iii/ii
xpd\iPD@<4
X/A/cpe'kST[PD?$v
PROG[`
F_8ib[&
`e=O!s.hV<
Impla4Vl
cpxBase
[CLS:CS`
DLG:IDD_CHOEPAE*(Exf
U.S.))1b
@Ddb=7
1=V(C_TY.D,f%,1342373892~`FILE$1772%J
L3PWD1@
!CRbO:
t(x1u,
'_hX*z$`
BeP&5;
DG*oaQ
nwd}"M
]hLn_[>*N
0$hZ\6;{n8sj
SZwDnQZ
J4{ION
I^Mg;|
? Wqv2
PHBV'c
Z9:)V="
|t>6in
8[kPlf
|.jhdA 
-^<37Y
O=o#[w
 $UL2 (e~
v*B?42/tc
(Gudwhoise'
3QicHu
lysri-a
@Ef+953@
LiE/-i@udFr! mt
P7boo:f67]8,
rje""7N@Ej
l0Ck?8Y*K
0ul_port
(sO%jVcx)=[
'ID/X*h-,
Ek*f!lZ<-a\9!l\
fG6e1!a
p_W~s4A
 s`<LhP
e&y520oN<
Gr%30fn>rpc!nfen!ML1chEve
MITk&Dwsk2F%
:-rgQ'
Guu4}I
IKkP4/PNTQi
>P^nixiie
/M4M4M=T
M0:DT8*Y+8K0Ew?k4
;sFYAGG
+KqMYAl)O
+MCV@.YC
emcpy5k"
CRT#'(
1109pF
`9142a
45p%C497s
Ry0)d#85:V-
ad3R/!Ey
(^l>i/a
ePJFa!`
cd,aQquqdQq
o`^Dd4Nsao
`V6B'w
KERNEL32.DLL
advapi32.dll
oleaut32.dll
user32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegOpenKeyA
SysFreeString
CharNextA
I-Rc[<>
5RokvWkF
XB~d=?
%GmN,,/!9ht@C6
hfKb:'dEe}
?z%q(:+i
sNDmUoB"QFu'n
n#q#E"}
E :pl#
|q v)@i-]C
1wASP!]
_{\<Mj>
TdIiyy
VE%#PqX^
*bX:<vrz
}-I~B&
@MO@\3
r_#tp(}
"Aw,,"
H}=x!BB
>/#Xvt
g>)GG??
OQPzM=
4vT1O%S
g/-EK]
sIpdE(|A
Y.'_)}
MJ*_sQ
oHa?iz
H9}I,j
\\v v6@
:7Z?#0
)%J_\|E?S)"
YGH$b;
lSw3@qa,v}
Z!6*oz]
G1q(PtV
[|V~E[
KKiZwW^#h2:
mKVq}
#~aa8y7_
%^<3%)
RRl0KZK[?u\5S
Q)FxS5V
eusrrL
-$z\a(l,q
$Z5`>J<
,=hKE~seG
O%>(9[
Daci:EL
~N$c_u
&5]?4;!
[5/J]".U-O
wym%`m
G/IhZCRK&H
D7H YqoUZW
+NdUx6
_a96bpT
TCRJ;1
Z<#Uv(2+%C=0
*#a#d3
d}EcAoJ+LF
C*z"oQ+<
vNb&8G
%:wa2v
WBS_S$
md:rqwGVhq[c<
@@1!<r`)
^Cb4 OFHt_~4jWr`hoY
Ui.~|q
cy:f*.1J9$t
0)|-?O`^(
,;&QH~XU
:R['P-DMqN1bjA7u 
F[l)2N[Q
zV*n{WK4.Y<%
vW&0=:V
0u5:wt
XzI@7(E
n\wd0?{C
-m)Gh2
ZW`Z3I
tqEg#lKpU,v{
7NA_&I
aQ-vJHSbi
|)*<>rjUg
CA(yP7X
IL \P[Q}/
J'D@'JN3)[
hnQjJ)*
5<%J-Qpnlufe
$vdky
WXg iq
@eHaLqBZ
Z+~md[5M
2SK%bqTRz*
b-zCUX
PzdqeF$
RCgexvd^)
P.o;Yc&Js
q'-Wy`/
>Rw9!O
(!p!Aq>kdY$2
8fOHXW5\0
p qowTMD
L4GS-?h
by+#(t&v
%&vW{3_hGq
PNI'BiVZ
H:Ew[o
33UZFsjE
qkAVX_ptq %B,
~r$cyge+
V#BW0*s\C/
%H]-5C
:u(YP8pxRe
~<xfX]E
)@B=?z
A\UF/O
 j1%=?
I\>syY){
.rO0ds
Ud<O)K
E(>~Wo}
aMr(\-D3P<w
F-S?#>
$jE{['`Fv
l8w)3f<g}
\.*f%=f{ldJ!Y
>CvnBW.O;7h 
u~K$m-n-
-oi^6d
k;Q~wg
_e9]!.Lc
HM:=
/DGgfD]ymcGK>a=?j
b%5T41Lo"
\_sHCt)b
W`9T`+
o.Y^;'*Z
U(H0\f4
[6h>qzd
4%r_l*W>=
2N{V}QJP0VW
/2|DTC"Fb]
}Vy#|t}:V$=
=uy(.%4a\
F7SXM0?
TY98!Y
<1PU;0#Rr7UF
:T!g@z
ImqhAH`t]+
CX;AW2&z#,%k@
2k>G),
:r"2VlhZ?t%l
0z(g,Fs
5}2\3$
H!n)hH!POHij
AY9rz+n
QuK'N]o
s[4$*!e]
Zw!m'*+
{5ePAS[V
E/Q=<I
\%hZW!_
IZdeBL!4
i_6_zR
HE|Wn?
 RpFt0e~,F!g?
;LH|4EB9iGp
c]ke>lqn
 A]F07>>f
*.S'%nL]t
^=mV14
ik&('ygNBsl"
3+?,>rBF1
t1Rg8W<&
wJui_>
;,dLj-~|50
`)=5\wo
N;SdS4ZnC
fl*uSRXh)jE
b^'cp)
I39LX32?v
RQ$!A^^QM;~8,MbEQo4
e._C_
EyYldW
AkCz)W&=
uH~='1YZ
={Wo;o)t.l\V2'
\6tVj<
",t7G5
];>:[Iz"GF
|h<dXD~
|0EThx{?J&eI
V.pQG<
r:r$l^
#(xM/gQ
o-/OzD<is^Q
%"e?k7r
r]f5%VM(t`e*
14v.6VdeN%D
YdyLpW
j%RBl%
!iW~Nr
"|(dxix
ket%R61d
Sa!ogS}/
`\m2ZG
b>R#m>t
g6v'?>
6!E!y(-Xa
oKWYc= LQV
2.ts{G
%#JVe$7
#uw9gr)N~
m#I:<lzT/
UhQV/Slto[
pT#*QXgz-fIQYH
TT8!u.4
Qd=4Du#
"GLF#2[o@10
x*iBQl
hY&th&
f)^[{6W&
Q08:Vj)M3o%
'by~ow
aqdX/nM
SPo:{N[ N2xw`q
Q?Jq$ 5T&
%Waq{KS
d^7g8q
h[\{fwhdH
MGz3Y
Y{'vva7s/P0
Hxyo)yt
'MR7nmR,Q
8\I1 m
4o=uF%LH
53%@4!}W!Z
g*x*LCf'd<
)X7l$!r
~N!oQ8y
{%veq%Q
d}cWc$gu?AL.Ve
]Xbwk%qqN6D
E0vrD=~JA2Q
L8drO3
Fl|4Ordfi,|>]T
`]]I=|xDBw%
B|)|:%o_a
S_p3.Ip
y):>S)
Jc@{:PLtcU
rB5pMw
&fnGN?
i3^Nm*<FK
BrC'TB(v(
YQF9jR:f#
KxRXxl*kd2
'wF[)o:@sF.
w!Pk@O^R
0r?gQ[cW9lP
V~j,+Jl/ 
Xd2$C-UIs{]
n*OXCXU
IbDqv8g4'RR
fk7m:qKS
nfA`2l
wIalL
:Tk{}'
TJv85JP
IO(CM6/
8!KJ4R
m2?I}c9p >`a
;;o>QD~
I^&}y_M\[J)|
RIMT.Y
>QZEWf
O}wDcXW]x"+]7k
))%}-v@X
$y$>6aK^y<wKL
ne"Vd-
p8JbF^yj3r
4FC-&Q88jG
[?R*TK$=
?1V+Fpvq/A(
ZuUYb:"vW
NM<*@b
::lSM3!
eKoKAT
'&$+E$Ny&
aR#QHhHG4
FqHoP_
6,vA})`
_{>hN*Q
8MQD|{vKpK-r
~lPayXa
vI,qVr;]
MWgV>w:P_q
<|/-yq)
fj*93jF
<"ogym
:Cg(7dY=;#
dm}Nj5QJ1,Rm<
s\Ny#u?
r0Fsc-xe 
9-#',Qf
h\mTZ'M`I
 Pn+84C
pND00/:<
j/" @MDTM|mlDTKe#
Uji(]Dd
[=+=AZ=#
Cinju[3|PE^a
Pelzs$
hWS0q)eT0XI
F$Qu~CFu[b
YCEcZYG=b8nC
i#d,6oS
!\W"3}PE"hK-ZH
HE)Hur
lMKI`TER'\
-$c)\t;qZi
}B%9Q@.Qf
=I]|HD
!(]-,FOo Hity
n:~<r!Ql'cYi
_)<HHeI
=i29id/
(?8B+xmo
;G Tj9
AxP2v(
/XY@:.DHQ
S(c#Hlx"
mH8C[Na
baOeK\ZL>?V_
  @,U~U
Jd&aJAH0
|OX>E)
%GG<"(
m^{=5G&
I+q1B5~0*
xgYA<7]d~k
GfL]PQ
#+=orW
yt*_:o
Qx6mUU$_
OhyB2s
CiVRV5kHB#
j{T2FsCLJn;H
1AW+#
'4/+x\,+?
uBb!+O
Ti;Qrp+
L8g|1g
{Mapxh
Y5}('I0
\T~X/6g
2Z*qfAh
2{BCvn
1gztD';L0?3
<5,V?#8M
gBO<sT',7^
F]|{5[bKXU,
^fqe` 1
|"j3l
)=>dE=zoo<
QN?!vn;8]
3!L<aH_Dn n=!
KN`?!? 0!
+Aep#8O>A W>cb]Gc(
x]Cdx7:#~%
1b?pd*1
p{ARq1T/KRr
f'\xuW
W>+p>d F
f9#PcXZ{=`rwoi
0<[m ,8HpkSBz~
~5_'dt8
%15yvLjgm
(}X1*
Z(e7>1
.M(Vp3K0
i?v3S#
q:!Qs<
4~KORsEfKlB
]wUl;~
tgl@c=ju$l1
?T2`lk1EM
z2a&>Fgd
9:L&-pG:m2`
RA-ciG] 2xYLt*
omX.}+`:'NcvB(H~
tlr!(5
b'@o]4>
;vBd)
,uv*O
Wa69-w
v,[<uQ^
k@]!"c
0y~%x=
{PU"T0</&
14jP~sk)l
\gxe_/7
GDKQW_n Jo
WHj2K3x
)AXCj7?f?-ROXR\V
! F-Uxd6B9
%UO$YS4mh
Uv`^~\6
44/=xk
?,0D\7
L-%=0
IGT?7,@}T
1oi|Hp
lsn!2Q
fD2L.=i
slwSV%IP<l[:
B_JU[3N9
#M<U$Z`
%[HaExc e
IZEfdpP
Dt??lEE
%!F$<7{
x)AYR]L
2~aWBuf6$$:]o
h'kn)V^R
L8a![lB
Br6.9=1
A,,(>K
cO/Vb8*x<V
6xU+;@f8Q
*t'9$T%v
&x\T.<K
@9$rl3
?L%Ka?mt6
5WLyFA
9pd>*
sd#pm|J5
!b3X#^ o?)/d
w{;REn=D=
:E\8ej&4s
L6.LpRS)Yt
M $9~[|BD
xjIwcR<f
9q<})D
{P$]SP=
0O3nE0S
K14.'Y
Rs_1;XK
Gc;:wP(
MT^+a9
 ?`&:b
{Ot9Ls
HE6q__ohvl|Yzl
9UnW0E@'0WO:Km(V;w
e@gb<@<
DpqbLK?d$U{8%
Exk;g^$Xcx{ 
GQFCdp
iJ;p0@
2Rh{q&tO>
]a~P3
f6thL)
o2-Xtt
Ih'L3:T
1leJ;!
5,E(D$/w
}6J}7L
 4HW&UWi]l
Vx3o2 !?
\z.\p4w&ent
,\HG@~F
u_O1w~%0)
QICaO,{
Aj1}\}u
w/x9}t}
Z"Sj0
dm)V0)
`B{))o}
j'a{dn\&C
+O9DhU)8y:-
EV~7Z:h[dP
lf_|dkZ
2-^?MO+
MT_cy
'=bz'CX#p6l&(sIH
|sp3PpxkQw`
zjL2 X
ZJpL&&~N
9SrOG,K
O6b``$h.
s8hR*Ot
4>IKY[
oX=kVQmCB
BX/6g9?_FxZFy
o@zYUT!
R=NJT7
.Vg= ,]4
EwG("UQZs5iX}gg-
)e'R&~psV
\\-e|g_
u@]6C^i M`G ;
<CU"rTZbW
O$_zj6
)Bs"7KfG
*tZ=W$+
e1J Cd
#EpkJt
=6o1=<GS
bX*-k2
]dsLaQoW
zLk(TfE|
sn@"V]'^S!1
3G]Sw/!
BXjuM}
Q=hW{c}
<kPjY|>
Z6EACI<,'jUB
qW.[Jw;
mX2-?T] J.`|
STH*w9
Qvqp\W{?XG
2Cz:Fi&
4Ud@o]kP
I)I"%X
_vHbTb"0C
=QF6y\"*[
Qv-p@j4TS
X<4}A>Tn
2"l$0j
'\DcOOc@qvm^
.yDj+Qwr:
`~dc(f
jEJp!!LB[lWLZJ,X
uy-iKw
AP77_!
ZB%u1<
>?G\[[k
8/#A&D
W>YV{T%o5S$la
eK|pY`;
2$5j{7
.Hv&Yx
B""DJq\4JNi
$DmgIx2^k1U
]>%ql5]
H\H>dk#
#}.l8_
r8o+-GG
93trj0
bK!]7l
JG>`"tuGW
Rzg5!O
:kO#B+{
tBeGy-_)
 W0/rIz"bv4z
tm}<h\
'xF`!6
`yj.bE0
13}~fvFgd
J%dt MEAi)
_IKdHV"K~
66!UQ_
b)IkEaWAZId
!s\.=>_JCU~%v2 
6.=|*tZ[eX~
xb&5cf
.R(n5^_sr9gdvV
%>p3.a0
7J%Eb)N
{agmBZg8
w$K0jD
^(|xrFS&fI
*X .,o^
AD*Oj#
e66$s<J
My8chqK
 c}*n[
D}BN\*!
0whvV.
k<Jh/p{0g:
vo:(Xa{"GH
7~K8$1
tKC5r:N2/$]O.L*bWv
<f"M3B$*
)k?UYis+$I
=,`^izd#
A7?X':f(}wZ7l
,q4C(7
&Vd'0Ah(
"^Le}Lz;"
\c~h{4
z1<]j=!i
*THV-G9nt
bc<@"}
=.w}=Ps@:m$G
jBK~12QpbP
!k{0eMeQ$9-38
^OeD4l
/Mbq-t}4ul
AbG "ewc0X
,'D&9ZMA
\Y?D*;
W5o\j sh
@_vv>q|7ud.>s'12(bP
tdJAp\.`CR/
FXWF[VK~*
jo~$v#:
<]vFWq
+rEBn2
L5KOZ%
6^PN6+
%XU{;~2
pA@x[9g
V5r>$/3 -A
JZ|jhWD8o
sY[}r6C3;=8H
WG^p;e
pp%h[A
[W5K|q
#5pWYwH
e^>d.Gg^
c9:"~Z5 { 
KGxMb%#nZ
ODm-[`m
IH!y(9
5@;i4[&!"
QG&ZS3!H?]
XAV)q?/3,oRjm{
#; g,"
c]:6$7
(^pSY*x
&D*_5@Iu
5gF'5; 
E8%N%;}.Y
S)"StH!Fm
4w~%,mZmO
_TkAn{pDZ
^'%%+$
*swm6-
,!`DY&uW
7`U/K5=We/S
5YS<MKo
>0gnCr
/I~.B@
DVCLAL
PACKAGEINFO

Process Tree

09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe (1612) "C:\Users\Administrator\AppData\Local\Temp\09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe"

Search
09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe (1612)

09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe, PID: 1612, Parent PID: 2244

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	1cc0cec80097905e_action with three chicks getting it on with a guy.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\action with three chicks getting it on with a guy.mpg.pif
Size	72.1KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`34b6c21c7f16638975a72a8cbb519986`
SHA1	`5e917fd5c12b65a514cb3df4104b88fb1e34ebde`
SHA256	`1cc0cec80097905e1b53eab9ad9d0d5674381dd30910cc45ea599384908e037c`
CRC32	`3A1C4726`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fe1dcea9f8bfabc4_two teenie boppers learning to eat pussy.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif
Size	73.1KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`57aa8d04389d24ac57d43f21e3b15abe`
SHA1	`cfafc54179b4c169c1f552e952ef196fd01cbc94`
SHA256	`fe1dcea9f8bfabc43a41c0d4124b562f9ef1cbad3f97de871af807d2da59b825`
CRC32	`ED616C21`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	40b7b4550eebac7e_yummy lesbos licking.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif
Size	78.1KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7364f0d228f49778b446963861ee3551`
SHA1	`65fcc4776f7f9a9de1e5d0b66c0648e277527343`
SHA256	`40b7b4550eebac7e7b50171eb391cb4068b9a91b4295f878d580ed4001bd16a4`
CRC32	`7E47F6A5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c7eb029fcf8204e0_brunette fucking in bedroom with boyfriend.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\brunette fucking in bedroom with boyfriend.mpg.pif
Size	73.3KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3caa8b939dac9787166183de92b12860`
SHA1	`cdb82da4da3bd1355f84de15abef65250a8936cf`
SHA256	`c7eb029fcf8204e084782afb9a2932dc7c4b26cb34a640c157d19636795c0843`
CRC32	`C82C056F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	44ad9268c33c9f4a_career girls playing with their snatch after work.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif
Size	84.9KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`712de4de35e9b55fe6660914b294a1b6`
SHA1	`427f8cd3c637be3dc3d311d2e8ee5348b3d1906e`
SHA256	`44ad9268c33c9f4a7dbc4ff7bdb859d32ab8f3c7ae8a38ca3445591a2cb3790c`
CRC32	`25982EA1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3a356cf01e185760_brutal preteen porn xxx.exe
Filepath	C:\Windows\SysWOW64\macromd\brutal preteen porn xxx.exe
Size	94.1KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fe17aa73754ef5a63c9cc64a7c64c980`
SHA1	`1b6ecdeff102603ae26cf8ac259a395451a27b99`
SHA256	`3a356cf01e18576002e5b9be4158e84f0fe25d85d14e4bdcd94849b94d68e3fc`
CRC32	`2F1AFD51`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	06fabfbef7338707_brazilian supermodel adriana lima.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\brazilian supermodel adriana lima.mpg.pif
Size	69.0KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`bc6e908fdb3b04352eaef9609b0becb6`
SHA1	`481a8d7e04a51bda2445be8472067413ff4ffc84`
SHA256	`06fabfbef7338707e97c61d11ffa7f7c3ab24d0729a42c0a8c7924db5f235f39`
CRC32	`86FB3CD8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	43e9c9aa3d62188c_winxcfg.exe
Filepath	C:\Windows\SysWOW64\winxcfg.exe
Size	71.0KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bf30213b41d81b53061306ebaf8c16ee`
SHA1	`1c41c0db6614a51259f07226f359e819fc35d591`
SHA256	`43e9c9aa3d62188c0ccafa46901e905ca95b192783f3aafc6a66326e7e5437eb`
CRC32	`BFFF09D3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e4bf48c52522d7e3_closeups of horny slut serving up sweet hairy bush.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif
Size	71.8KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`80de79d721a1ef7e26e5c6521989c7e8`
SHA1	`7a3da3eb1ef4f4690f7d7fefa4de888382bbef50`
SHA256	`e4bf48c52522d7e3f0624f070ddbb294940ed91c0e9960515bcb282c0ef19090`
CRC32	`26010D20`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b8ef5fc3dfc3dfe6_gangbang tryout with young slut and two studs.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\gangbang tryout with young slut and two studs.mpg.pif
Size	90.1KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`72bcc8554fa8e0ccb6a842f0ad01b42f`
SHA1	`c89a9e772be6fc85773130829446d3f39bfad7e6`
SHA256	`b8ef5fc3dfc3dfe654e9afb1ade255fd7b98733f5793a477b883e0e07dbb45be`
CRC32	`2737DF52`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bb7935b933083280_euro moma with big headlights and scrumptous ass.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif
Size	70.8KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7d71439b38c704f3baeba1911e3b6660`
SHA1	`6d6fe5eb890390b7889b41e200d629a2ec15834c`
SHA256	`bb7935b933083280e3610da039b0cac3512bce1a8d70e691244f4274368aa358`
CRC32	`2163393D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f81ceeaa5779543f_sexy little blonde teasing.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\sexy little blonde teasing.mpg.pif
Size	86.4KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4f3a986b6bc05f9b7cc1069c537b4f2f`
SHA1	`de526eb6d49968537d7d356ff56d563a3299be94`
SHA256	`f81ceeaa5779543fb5d69914d91f55a3a53e60e96f5bcb41c01db4b97f4790bb`
CRC32	`CBA611D7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b11f6c06e0befbef_napster clone.exe
Filepath	C:\Windows\SysWOW64\macromd\Napster Clone.exe
Size	96.1KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f56c9cef93eea77bc442257e1790a6ce`
SHA1	`3ccd37d4456d9aa650956f44e7c54a93b8841192`
SHA256	`b11f6c06e0befbefa9edc4efe2766f6665a40d4cb62c1380c82dc349ea2e9d5c`
CRC32	`97DC0B0F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8bca568aea06ba0a_warcraft 3 crack.exe
Filepath	C:\Windows\SysWOW64\macromd\warcraft 3 crack.exe
Size	96.9KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f1f1b0ba76f54478eb71fc6960317d75`
SHA1	`7a552e9baf0c6dd13ce816e81d4da10ce25a46b2`
SHA256	`8bca568aea06ba0a275658866a99dec398b942c3ede4ac6b4775f1fba5b3600e`
CRC32	`8C0697CC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0c0cef6396773692_two sexy blondes share a cock.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\two sexy blondes share a cock.mpg.pif
Size	84.1KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4d63c8f61dc2c74485070f094ab55090`
SHA1	`5d02bbe4d518324e13e34fea5fd84f9b550f9ba7`
SHA256	`0c0cef6396773692bb7bf4df310bc50a8d38c7302998c48845d126c52e1efb1b`
CRC32	`E757F71B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fe1a3e1c70e4bc3c_winzip.exe
Filepath	C:\Windows\SysWOW64\macromd\Winzip.exe
Size	94.3KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`253b4b0dea4e8297c6bda6ffec0bf42d`
SHA1	`49be8753e7054befa6168bd20b914fe9b1dc4387`
SHA256	`fe1a3e1c70e4bc3c456c63e2c48255b9d883783a55d3042e3655813a2ab6b2ef`
CRC32	`38765723`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2dcbd5490a0545d7_cool rooster raiding hen house for hot babes, link city.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif
Size	70.5KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0e097cc0102acd1903dbe0df2ce5b63c`
SHA1	`e71b71b6f1468a48c40428d158c76869e46dfee0`
SHA256	`2dcbd5490a0545d74dfa163d7325347585005fe0eb2352c89de0a9bce0372ce0`
CRC32	`2FD52752`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	29c46347a2806f99_babe doing boyfriend and his buddy.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\babe doing boyfriend and his buddy.mpg.pif
Size	97.0KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f31a7cd34c9019efa3d7369b16421efd`
SHA1	`012534ede4088fd5e32c800d3d18601b5ff05579`
SHA256	`29c46347a2806f99692b34d2412e1b38f342175ab6c454ef6003865731650b42`
CRC32	`5FC0FFEC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	26eee12ceb0b1b1b_two large black bones in a small white box.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\two large black bones in a small white box.mpg.pif
Size	95.4KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`34db5c5bfe94cced2bba8676044a8426`
SHA1	`7c6d80e7a24530ec1c8345567356100a8dc13a91`
SHA256	`26eee12ceb0b1b1bf5f79d5e4fcff42834ef2b6b816f57689f2df1446ed121b1`
CRC32	`ED2856C8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8c993094e3d83c73_aimcracker.exe
Filepath	C:\Windows\SysWOW64\macromd\aimcracker.exe
Size	74.3KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d4faeed1f4334be42f8987837327e59a`
SHA1	`64857f203e4052ff0d9244d176ffbded204c263d`
SHA256	`8c993094e3d83c738bfd69661d3b2d8578e3301af30e7c5618a7003934fa992d`
CRC32	`3869CB0B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1c1bdc93d6ffc8a1_both holes fucked by a massive fucking machin.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\both holes fucked by a massive fucking machin.mpg.pif
Size	70.0KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`46b5adc0dc5a43a182fb1545e3c013b5`
SHA1	`381edc42ed96a29007508261ab0b632308766eb3`
SHA256	`1c1bdc93d6ffc8a128d48fada464ca2bdd7d643b86d1043652aa215f00df8d67`
CRC32	`63DA8A41`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	64bb1867068ce54a_busty blondie with cool ass.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\busty blondie with cool ass.mpg.pif
Size	78.9KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4df730af12379d1c647f158f9016a507`
SHA1	`f021333f82e6446ef2c50b29807c969b8ffda279`
SHA256	`64bb1867068ce54a8e513f25f786c4c7671adc336000b23d7caefd0231a7e40e`
CRC32	`4537E42F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37d86ec66911db4f_strange asian ass odyssey.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\strange asian ass odyssey.mpg.pif
Size	74.7KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`cdfdff57bb3e75adf5bca161137222f4`
SHA1	`f64cddfe43755b5546eb5537188327aaeb6f2d18`
SHA256	`37d86ec66911db4f83de10f457fedd33b7e651d5876b740947c607264c6e6b4f`
CRC32	`C350CA0F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5c016c5d08c151c8_black girl gets dildo wet.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\black girl gets dildo wet.mpg.pif
Size	80.6KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`954cb70ba6c2e5011fc1992c7750d42c`
SHA1	`c189ee7e92071d2a0fb9515eaac9e4eb00cc513f`
SHA256	`5c016c5d08c151c8ccdae129013024ba8596688a27a8db64affca2653ec9f4b4`
CRC32	`C7942C00`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	af8a09b98051bc33_chubby girl fucked from all angles xxx.exe
Filepath	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe
Size	91.8KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7e642fd931136be3481464182160947f`
SHA1	`84c8bac4d4f084590041a1e01d5467486c0278be`
SHA256	`af8a09b98051bc33d02db6c60163fae052f327e8056cdb583bb23809bc7a6abe`
CRC32	`AEC31881`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	10a00d6d6692b941_blonde on couch gettin tight anal fucking.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\blonde on couch gettin tight anal fucking.mpg.pif
Size	77.3KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0027ac857a8075f56d08642ca739be68`
SHA1	`93accbeba95e1292dffca3a375afac743ae619e6`
SHA256	`10a00d6d6692b9417c4582506a8d37739797250c29ce4b72383dede91a73e278`
CRC32	`4BD591EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2e165ce9cd870e6b_showing some hot girls share cock.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\showing some hot girls share cock.mpg.pif
Size	74.7KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5b8f9cffa6ffb08111108d9f8aeb4446`
SHA1	`699fe1798348f1f548a6a9db5281e8398a1f1c22`
SHA256	`2e165ce9cd870e6b1d253cfe4020ee175fdd748ecfc9512f426df86033e69b49`
CRC32	`9269D1E0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c763d8540c986e7c_14 year old on beach.mpg.exe
Filepath	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe
Size	76.6KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`02268eb55eae6dca6bb2fa36b954eb2c`
SHA1	`fdfbaaf1c9d9c34d12c97b5259ff5b99d2e0d0af`
SHA256	`c763d8540c986e7c13ed0cbfdef03c96cb9132bf101e19db00caa8455766dfcd`
CRC32	`94EDFFCB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0f155f0f3740e026_two studs gangbanging a hot little sluts holes.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif
Size	92.2KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8c4a9aad1e624df60a29e4946ba8981d`
SHA1	`5c1df8d26aff0d84ff8f0dece33601bf5bc5daa6`
SHA256	`0f155f0f3740e0265b09b0b26b89ba2f82757950d376fa18532b900c1e30d40b`
CRC32	`7AE356D6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	09ed81ed735b823e_3 teen blonde babes chin deep in pussy sauce.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\3 teen blonde babes chin deep in pussy sauce.mpg.pif
Size	90.0KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`224448f77b2880116e9b752d7dc99487`
SHA1	`1b06b035d60662fb219f8e2ebc9e459e07958af5`
SHA256	`09ed81ed735b823e75bbd8e0d071c5dbbb8307f11549200111bf073a2475bb83`
CRC32	`C7C13603`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	55754a2cf508c854_dedicated honie giving dude a helping hand and head.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\dedicated honie giving dude a helping hand and head.mpg.pif
Size	75.4KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c4d40e8e1a8485f93b17822418e107dc`
SHA1	`653044cf83e5a3494d488a92d28f9291d8ed92ad`
SHA256	`55754a2cf508c854a9f492b0952d879d942de844cef275e7821c240486079cd4`
CRC32	`5E76D53B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d7b4484e47aa434d_hot slut with a big dildo.mpg.pif
Filepath	C:\Windows\SysWOW64\macromd\hot slut with a big dildo.mpg.pif
Size	74.1KB
Processes	1612 (09e5baaa840cc69c42b15c3c569bd625814ee6268d6a00046b87ad0f59df3d53.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5bc6d670beab14693afde3903a1b12a1`
SHA1	`18444567223f92ac9ff240a5e15f3c438bd5efe1`
SHA256	`d7b4484e47aa434d1d4fb31c40241fa37dbd0c6350874c02b5e5671518b0b5e5`
CRC32	`D7BB15E7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.

section	UPX0				description	节名称指示UPX
section	UPX1				description	节名称指示UPX

ALYac	Win32.Worm.Picsys.A
APEX	Malicious
AVG	Win32:Picsys-C@UPX [Wrm]
Acronis	suspicious
AhnLab-V3	Worm/Win32.Picsys.R7826
Alibaba	Worm:Win32/Picsys.367
Antiy-AVL	Worm[P2P]/Win32.Picsys
Arcabit	Win32.Worm.Picsys.A
Avast	Win32:Picsys-C@UPX [Wrm]
Avira	DR/Delphi.Gen
Baidu	Win32.Worm.Picsys.a
BitDefender	Win32.Worm.Picsys.A
BitDefenderTheta	AI:Packer.B927EAE619
Bkav	W32.AIDetectMalware
CAT-QuickHeal	Worm.Picsys.CC1
ClamAV	Win.Worm.Picsys-6804092-0
CrowdStrike	win/malicious_confidence_100% (W)
Cybereason	malicious.deffe0
Cylance	unsafe
Cynet	Malicious (score: 100)
DeepInstinct	MALICIOUS
DrWeb	Win32.HLLW.Morpheus.3
ESET-NOD32	Win32/Picsys.G
Elastic	malicious (moderate confidence)
Emsisoft	Win32.Worm.Picsys.A (B)
F-Secure	Dropper.DR/Delphi.Gen
FireEye	Generic.mg.e9cad56deffe0252
Fortinet	W32/Generic.AC.8E49!tr
GData	Win32.Trojan.PSE1.1LCC7Q8
Google	Detected
Gridinsoft	Worm.Win32.Agent.ko!s2
Ikarus	Worm.Win32.Picsys
Jiangmin	Worm.Picsys.aot
K7AntiVirus	Trojan ( 00500e151 )
K7GW	Trojan ( 00500e151 )
Kaspersky	P2P-Worm.Win32.Picsys.c
Kingsoft	malware.kb.b.793
Lionic	Worm.Win32.Picsys.tp0s
MAX	malware (ai score=89)
Malwarebytes	Picsys.Worm.Bot.DDS
MaxSecure	Trojan.Malware.300983.susgen
McAfee	W32/Picsys.worm.c
MicroWorld-eScan	Win32.Worm.Picsys.A
Microsoft	Worm:Win32/Picsys.C
NANO-Antivirus	Trojan.Win32.Sock4Proxy.jpdexe
Rising	Worm.Picsys!1.C132 (CLOUD)
SUPERAntiSpyware	Trojan.Agent/Gen-Picsys
Sangfor	Trojan.Win32.Save.a
SentinelOne	Static AI - Malicious PE
Skyhigh	BehavesLike.Win32.Picsys.nc

file	C:\Windows\System32\macromd\two teenie boppers learning to eat pussy.mpg.pif
file	C:\Windows\System32\macromd\14 year old on beach.mpg.exe
file	C:\Windows\System32\winxcfg.exe
file	C:\Windows\System32\macromd\strange asian ass odyssey.mpg.pif
file	C:\Windows\System32\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif
file	C:\Windows\System32\macromd\brutal preteen porn xxx.exe
file	C:\Windows\System32\macromd\two studs gangbanging a hot little sluts holes.mpg.pif
file	C:\Windows\System32\macromd\aimcracker.exe
file	C:\Windows\System32\macromd\yummy lesbos licking.mpg.pif
file	C:\Windows\System32\macromd\chubby girl fucked from all angles xxx.exe
file	C:\Windows\System32\macromd\3 teen blonde babes chin deep in pussy sauce.mpg.pif
file	C:\Windows\System32\macromd\Napster Clone.exe
file	C:\Windows\System32\macromd\Winzip.exe
file	C:\Windows\System32\macromd\busty blondie with cool ass.mpg.pif
file	C:\Windows\System32\macromd\both holes fucked by a massive fucking machin.mpg.pif
file	C:\Windows\System32\macromd\brunette fucking in bedroom with boyfriend.mpg.pif
file	C:\Windows\System32\macromd\showing some hot girls share cock.mpg.pif
file	C:\Windows\System32\macromd\warcraft 3 crack.exe
file	C:\Windows\System32\macromd\dedicated honie giving dude a helping hand and head.mpg.pif
file	C:\Windows\System32\macromd\sexy little blonde teasing.mpg.pif
file	C:\Windows\System32\macromd\babe doing boyfriend and his buddy.mpg.pif
file	C:\Windows\System32\macromd\an older fat mom spreading wide.mpg.pif
file	C:\Windows\System32\macromd\gangbang tryout with young slut and two studs.mpg.pif
file	C:\Windows\System32\macromd\blonde on couch gettin tight anal fucking.mpg.pif
file	C:\Windows\System32\macromd\euro moma with big headlights and scrumptous ass.mpg.pif
file	C:\Windows\System32\macromd\career girls playing with their snatch after work.mpg.pif
file	C:\Windows\System32\macromd\black girl gets dildo wet.mpg.pif
file	C:\Windows\System32\macromd\brazilian supermodel adriana lima.mpg.pif
file	C:\Windows\System32\macromd\hot slut with a big dildo.mpg.pif
file	C:\Windows\System32\macromd\two sexy blondes share a cock.mpg.pif
file	C:\Windows\System32\macromd\action with three chicks getting it on with a guy.mpg.pif
file	C:\Windows\System32\macromd\two large black bones in a small white box.mpg.pif
file	C:\Windows\System32\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif