1.8
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.81
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Picsys-C@UPX [Wrm] | 20200220 | 18.4.3895.0 |
| Baidu | Win32.Worm.Picsys.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200220 | 2013.8.14.323 |
| McAfee | W32/Picsys.worm.c | 20200220 | 6.0.6.653 |
| Tencent | Worm.Win32.Picsys.a | 20200220 | 1.0.0.1 |
静态指标
动态指标
在文件系统上创建可执行文件
(26 个事件)
| file | C:\Windows\System32\macromd\Kama Sutra Tetris.exe |
| file | C:\Windows\System32\macromd\blonde babe handfucking herself.mpg.pif |
| file | C:\Windows\System32\macromd\two hot college girl fucking in class.mpg.pif |
| file | C:\Windows\System32\macromd\cute blonde cheerleader dancing.mpg.pif |
| file | C:\Windows\System32\macromd\aol password cracker.exe |
| file | C:\Windows\System32\macromd\patricia arquette showing her tits.mpg.pif |
| file | C:\Windows\System32\macromd\euro moma with big headlights and scrumptous ass.mpg.pif |
| file | C:\Windows\System32\macromd\lonely teen thinking of cock while fingering it.mpg.pif |
| file | C:\Windows\System32\macromd\cute girl giving head.exe |
| file | C:\Windows\System32\macromd\hardcored blonde mature.mpg.pif |
| file | C:\Windows\System32\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif |
| file | C:\Windows\System32\macromd\sexy ass black slut sucking huge cock.mpg.pif |
| file | C:\Windows\System32\macromd\toon tramps strutting around.mpg.pif |
| file | C:\Windows\System32\macromd\yummy lesbos licking.mpg.pif |
| file | C:\Windows\System32\macromd\drunk college chicks on spring break.mpg.pif |
| file | C:\Windows\System32\macromd\babes taking turns munching on hot beavers.mpg.pif |
| file | C:\Windows\System32\macromd\Hotmail Hacker.exe |
| file | C:\Windows\System32\macromd\15 year old webcam.mpg.pif |
| file | C:\Windows\System32\macromd\spying on gals in toilet.mpg.pif |
| file | C:\Windows\System32\macromd\Xbox Iso 2 Rom Converter.exe |
| file | C:\Windows\System32\macromd\two teenie boppers learning to eat pussy.mpg.pif |
| file | C:\Windows\System32\winxcfg.exe |
| file | C:\Windows\System32\macromd\brazilian supermodel adriana lima.mpg.pif |
| file | C:\Windows\System32\macromd\two dudes comparing dick sizes.mpg.pif |
| file | C:\Windows\System32\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif |
| file | C:\Windows\System32\macromd\two kinky old lezbos snapping the whip.mpg.pif |
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'UPX1', 'virtual_address': '0x00057000', 'virtual_size': '0x0000f000', 'size_of_data': '0x0000ec00', 'entropy': 7.9075039579713575} | entropy | 7.9075039579713575 | description | 发现高熵的节 | |||||||||
| entropy | 0.9833333333333333 | description | 此PE文件的整体熵值较高 | |||||||||||
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
在 Windows 启动时自我安装以实现自动运行
(1 个事件)
| reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe | reg_value | C:\Windows\system32\winxcfg.exe | ||||||
文件已被 VirusTotal 上 67 个反病毒引擎识别为恶意
(50 out of 67 个事件)
| ALYac | Generic.Malware.G!hidp2p!prng.4205B45F |
| APEX | Malicious |
| AVG | Win32:Picsys-C@UPX [Wrm] |
| Acronis | suspicious |
| Ad-Aware | Generic.Malware.G!hidp2p!prng.4205B45F |
| AhnLab-V3 | Worm/Win32.Picsys.R7826 |
| Antiy-AVL | Worm[P2P]/Win32.Picsys |
| Arcabit | Generic.Malware.G!hidp2p!prng.4205B45F |
| Avast | Win32:Picsys-C@UPX [Wrm] |
| Avira | DR/Delphi.Gen |
| Baidu | Win32.Worm.Picsys.a |
| BitDefender | Generic.Malware.G!hidp2p!prng.4205B45F |
| BitDefenderTheta | AI:Packer.B927EAE619 |
| Bkav | W32.BlackduA.Worm |
| CAT-QuickHeal | Trojan.Agent |
| CMC | P2P-Worm.Win32.Picsys!O |
| ClamAV | Win.Worm.Picsys-6804092-0 |
| Comodo | Worm.Win32.Picsys.C@1zj8 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.51cdce |
| Cylance | Unsafe |
| Cyren | W32/Picsys.PYSN-0191 |
| DrWeb | Win32.HLLW.Morpheus.3 |
| ESET-NOD32 | Win32/Picsys.C |
| Emsisoft | Generic.Malware.G!hidp2p!prng.4205B45F (B) |
| Endgame | malicious (moderate confidence) |
| F-Prot | W32/Picsys |
| F-Secure | Dropper.DR/Delphi.Gen |
| FireEye | Generic.mg.eb27d3e51cdce9d3 |
| Fortinet | W32/Generic.AC.1B!tr |
| GData | Generic.Malware.G!hidp2p!prng.4205B45F |
| Ikarus | Worm.Win32.Picsys |
| Invincea | heuristic |
| Jiangmin | Worm/Picsys.a |
| K7AntiVirus | Trojan ( 00500e151 ) |
| K7GW | Trojan ( 00500e151 ) |
| Kaspersky | P2P-Worm.Win32.Picsys.c |
| MAX | malware (ai score=81) |
| Malwarebytes | Worm.Agent |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | W32/Picsys.worm.c |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.lc |
| MicroWorld-eScan | Generic.Malware.G!hidp2p!prng.4205B45F |
| Microsoft | Worm:Win32/Picsys.C |
| NANO-Antivirus | Trojan.Win32.Sock4Proxy.gkyfpl |
| Panda | W32/Picsys.A.worm |
| Qihoo-360 | Worm.Win32.Picsys.A |
| Rising | Worm.Picsys!1.C132 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Picsys |
| Sangfor | Malware |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
359d89624a26d1e756c3e9d6782d6eb0
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00056000 | 0x00000000 | 0.0 |
| UPX1 | 0x00057000 | 0x0000f000 | 0x0000ec00 | 7.9075039579713575 |
| .rsrc | 0x00066000 | 0x00001000 | 0x00000400 | 2.791128521214198 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_STRING | 0x00051958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00051958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00051958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00051958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00051958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x00063808 | 0x00000050 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x00063808 | 0x00000050 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x00063808 | 0x00000050 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library advapi32.dll:
• 0x466264 RegOpenKeyA
Library oleaut32.dll:
• 0x46626c SysFreeString
Library user32.dll:
• 0x466274 CharNextA
L!This program must be run under Win32
StringX
TObject%HD
dA0,(dA
rrTlr'hd
4Z]_Zts^2O
;aV{;t#
+WSXc;
t:s+An#4
y]Kni3;
vtPFHFML>5
+[:>GU
<HEx` 8S( @NC&
d2d"h'5
}7&-]S%
c3GJ/xr
%|JW6XJl7
+]rgbU
c;7~7+
M]H`T.
{ ,!tyT2
lDrp
+v6aH;=
pu,zPU`<
"]i]L-c}
zovj|Sg
9,vH.u!
?W[a,DE}
3YA t0t
WT:02[?
o!t1|9
< v/;"
8+;"up[a
w` -dAKg)0
<_EP3Gk<f
_k/Nmu
;Y&jV@
r4ELg`Zu {^\H
'vw6#|@!
W`R ZHQ69sk
&wc]ThhX+jd<gd[
4C=Br/
G8^7GK6
t>-tb
+t_$+xtZXtU0'>
DFw){-i}
~ExC[)A ;
*tAvar L0
Y12[g6
[1OH}DD
@C#m#
4.7@v:k
&DK_n2xHW
@aQYR@
b@"E@|oe@p+
BkU'9p|B0<RBM~QC/j\
Cv)/&D
dEJzEb
9;5Sc=];Z T7aZ%]g']
R`%uYnb
_PS5[ !A
AW{4h:Am\M
>Uhi20d E
C5@2dY
TOfpvT+
lOFTWARE\Borland\Delp~\RTL[
FPUMaValue6-9
9jK8Qb
uoVt6Vv<q!_~E!
fiYRjZjX)@tG
f}P6X^^
a;%~R5|
5l[%,y
#"4?P]Xp
R Z.;;
v).w U5
X;4zd,Y
l]u(h64R
(.u*5RNc
9Zd$,_
t=-oo."
/'=t&,*
?tq1(5
Q4pZ1P0,
Rn|t1S}h
5]_4V|K0nx]
f*+8:V
[$4V@Oa^
|BX"S-
\mBp-xX
~~:)~$Pt
!(Y6J4
}(VE<p#g{
JZ1!R:
Z).Cum/-Rf;0
Dk9:;//*
?OPyEV
oOEpq P7
JZXA$C
8t2SCn6,#
&I:H@W[yB0tX-o
lo}<v<
v,`[2B
>:2ld4Uf
*[1C9w
,K3A{JI'
{-Qu+P8V
m6.h{u
E)[Es$6C.
e`;>UF
cLtu*f
PV2e6{
+HP)^@_(.
?@Y6@pVY&
\kernel32.dll WGetLongPathNameA
l";H+bQaG;`g+J
jV4jxtd
5zjQof1
twareQcalesA+s
gml1h(
;Ufk#Z
V.*hGp-`dPDm
S0.J4?
m\b&d?,\
+KM<K MW <
3AP$#y HP$
Exceptim
gTPB$qEHeapZ
EOutOfMem%CyKvIX
EIn]Err[
t\ CBpWpBQ
EDivByZeroB Range#
6rInverflow4Tc
B cYe<UW<U6Xk`k
({UXW#^
_-M?PoinHV[
[Casto[$C
EC%i@^d<
EAcssVla"+`W`W.x
oStack
XolBtjlCklW
Fand(Y_+
fd(9;8[
D oSafecal
SysU"ls
$OZ,b3t
Bo3j3Ef
wV_$+X#
U?~(\>
_[KHWV
AlPO!>P[^_3
/0o/t!F<U
'lJ4<
Sp]64D
<%6Ju+E]}Q
}(_BMpZYN~vMD<*t"<0r9w9i
Xkot|'
9`]6Mi`
,FcW0vQp
?u vWr:
fVO_ P+;"
NtyM=o0_
=t~U}&
%&;|C0
F8}l`},
9uX^`=
M/c/).
DU.U7}n-]cg:s
Ic\@}B-ol
5-\zINFN
o)E]UJ
*Y/aHCTIt
m%ZT[YC
*$u_{(
Dw<D*Lm
| )A->
d69>{U3Q
c(o`CDHX`Ye,U"XG8C
|@`K1Y
_%9zp$$
'=XejK
6bAYwv
P!/>%A
Lp_5VR
|p/p;~^,Hm\
+2]&\m
CYGl!T{n{n/
a\=T8^
OY|jEal
L$H3X|
PPX;<=<o5
UD%tQ_
Fr,Z;&Z
Hk+F-97
aLGfLts_D[W
|Xs0fr
d1YSU
<HtHU3t7G5(
*LFO-Q
zVc0xZC
snuH>^
zH3j)SS
B|o3vF
$$Rp-Z
sxur\8Z4
=7;S4p
%MFWhaJf%<`]
PaBLN(NhN|
'"g_"3
hL^;41
o0}Wn9
6+Hu.jJL{
.?~iX
221` st
<?(.@3
dmH>#AK
pKhoNe#
+DiskFreeSpaceExAxT
p|4M5t
lxd4]$\
0TM5]L
<4M44,T$4MD
Ml4M5@ l|
;xffXVi
b|An/xtt
,f{Ap#
lfn h/Hd
RJHfwdod
!G>30YS
L2D@84
s@x*`dd
on cu
/\(somyrape).mpg.exe
{ear-ld webc
"tpifO Slay stl
emuo1c
_X pro }/ger{("K
f]oepoJ
nk@"JpUnZR
&inYF''jje- x
} nurSVc}
3noth b-
us vic"f
^/d 6}3!'.nikki]ovaD"` huHD
kMjob6o
K1Sutr
pk6KY3BV MZCZ1WW+I@
[`eAbB
[kYop*cbbyk
i3uckfk*ZL
2F3 gMh]Uwx
vtuamcB
L@.6o(
13)#OLn/*MSN
-Z;wNd
w0`#-_m^
r7&v3lg iF0:
h4wKUffNwq
-%up>?
([Website2LM:fA
`1wtu~Uf
;u!<guy
BTY[sD
CD KC_+GICQ[HF
TA 3bvk8Gr"=fau^:
$D1C9j5p
a3Gm]Le
C()rN1y
V/M4vmt\
;gMdG;
9;pan?u
Dbt6A.
7!e"7d
g(zip/aim-H
gW@hAIM
01FZodC
5 tA %
/6kH sib 6d/g
sKQxdIPUn,`
?]X3w20
aHbu2N/.csCl
x)?CaG$a.[f?
R/7$CaBs
M?$c%4
REEYl2%aaZ/%l?!b+
)w2s_a
77eaNp",
1J!+C)|1?6
(V=m!6)W)ZW9i2
!P+Rn0:*
Og2`@%cA{h_Bo\0,3f
Uh`'sB02dQ@t
:nP8rf
6]c2d*Mbn
-dr&mz#
;m1G3m/=
Ln=l-ero
t#5:T+ [sV1bqslu\h
weehay8`aMh&FtkU^5
!C.os^b!
]5gg'5bmX
6gq8qpkn-,
~xXq8EW8eeGL?j-
wYp-cLpl
Yk7w-MjsR#
>G+Ehq-pp@.Zpsy
c`lho|ipmCeB
oG9|eA&L1pGe
$Fr'4p43d;p_6
a7alp D
fxSo6ky-3fMpE
rbl1|;a
K.9=tZsguPxpV
utE0jH
L];P!xua
C6o7#mj-mR
pyhn@eHiiaAsDz&-t
B0wN0&
kyxZCz
s4po=0
j2+`hhsW/
Ecu`4`ndr!
Gs6H,Od\!%
a7"h(9x0;1.q"`YnJ(
i0enb+KI
iBcC\Spr
F$,;`>$4p3J0m"t?0hy
Ff2-a+
mroxwx!
; etJHH/0`'kiE
V / A$`v.x0tu}!
<pb31
+xb$l33W L!
`y>M-!
uec=pPt!zEac4C"Ex
85r[BIzRr
\,fadra0Bk
C#!;ph.
uAzjdo7sef1
!eIW7om=
8>H?`V
u1@$n*p`cV%6{ !aJb
%![pM:c
)$`by^
C1HOyz
hgL66u!`z
9]D56$
*MR-acya Vc
L_Tsa-#d-;N*
u3`5mKa
bnkqh`
C4wc;-+zyhH4E'
a\H9:d(b{2
79RUlley
:Hqx%W{
^djNtB]
g:f]mz
r$fbq-0 bu
5P8=l8Dn/
^7_\C"
0z<}G5!Nd{/zBY!hcz=0,
,ChJvjpb,`
cZjIpl2S%
%cd80k
X$4d3*CiY
>WQ)+-X
r2y.7'6a
)d\ajh
|pdwg&,B(
tvaa7Y2
"_[1n|2,
u%T%_dX`6-XU
, C]"Bi
shZJ:T
FssNaC^
N$q-JX
lLX7 iGQx
3%K+U<^
sZ`'98G
svw.7bIIp-iv
&-eRBPj4HD+zp{t)Ih
{BdK`50ae3
!7kA|+s
#x9seEbRy
#%5kyGe/!%c)+)WHpE\
SJY^Jjqj
LZRVbw
YWT=yJx
K[C@.~_KD
35i*VFmyS
0+tMICp'
1{YK]R
)pJ2y+5%L
\BMw,ew
Rk,@W}e
2Jt..[
%ef)aR/!
-O.&Dc
kso58Pt
J5glv>B
@O~Pe'
^!(^dcF
ov(+9ZKq X'qu,
nBb&+`D
%5mH&Ly!x)#CWu(2,
X`Pyi
! s[YA
#Ha\(%kh`,*$gRSj*L
YAasMg\;otAk
`YS9%M(
rH+(p ,
cBIF;%`N[#&
2/+i& ja
x37a2An
xw=lgos!o
;0I6VF^5X(K$
cqB,<jteQ
,'+,&2temdU
~D+!&%C
p`!cFS
lb;L)h
WUck_ y]Fup
wZlspH_f>
fmQa3<
%DkxL
*t"Y>0$y
|r-`F$\z
(aa 3oB#+[^K
.!+2M 2
8iHCk1
7E!HHEg2
Nji?% +\2&
0B5XRgw
!_"-2g46H
X8f Vs
DNsG!N1
+#E|HID
j !w}]
r[h/J
026fdyu
rd,ika`
H-$NS;
FzV.I8
tQbITj
BW#f`*<s9S
zD7x4j
6UGnjK(GL
xcfe U/a@$
k;\Z\CrVDap
:8+S9!c
^7)9{X
lhWH~<
<A{2wg
0,%d6}r$
ZEzGlq(
TwB.Ah
AP~Setup8, %
Kazaa
j45:3r98
6789ABCDEF
$,4ii<DLT\idlt|iiiMl
rr<UHV 'O
pRYMg|
i(Di:i
8Xp4M@
iiD`xi
$d,0tntn
6M,<|,,Yl8xie
iM(XM,4`
ef TMtO
h6M6$;
iDt O,
0\l T4M '
0g?NwMGIt
{/;MAv
LNN49 47{3
<3kM{!
&T?,[N
uF-i/a
tq7Lwd
afol g!
fJOn+a[\iF
l,}utt
Ax`i9nl3cfhi
Euesup
o?/}/e
}k-a6=Cem
Xl7o% )
b<Fr E
cysGv}l)
doi.}p
t1$Jx8M09
%"uh{tP
mWQbwpz
) s-CR
w=IayIg
SooSyen-
ad+i5D%
nq7`<Ycp+
7program Lbe run/
?Win32
$7CPEL
7ilt(i
6C/ODE
h'BSSvdy
j.idat>
'l@tls5
@Peloc
x'0=sr&'
dA@<8dA
! @ ?U5@ ?
lC v8SbS$Bc
_%?q;k
N \Tc
Lxc9
O c/yP
DWs`C0&r
>9cf0!Ga
`y%A@c
@8c1y#
'Ac( I
rA$$A@:J> chv
dJc_2$
`Ghx1QA[
WaSWK7
()At)$)>|(
3I5c$*,
| i|d"X[J>r;p
?;stv)P##J
CDU]wc
#>@Xs@-$)>Qrb
@@7\ g
0r 900&+wZ2
'H91OX
@^5-@fWF
6($_P'v
L8l$(,
@N$W '
@[,5O>
@41[N>$v
#G@O;!
9|{nu"
~!_~u_IYJ/$6
9himkWw
Hw;1$?_B
]g[>@1S
V8>OW 4
#HOU*p
:,TqBI\
B_l@ts@$#
@ ydo^
@+nGV~o
2 TPL2 HD@
20,(Id$3i
QWi $SQRXNr0Jc
2xtplr hE\
6AC *0[{
@H8E v
/yIEGHa
G8}WK3$
N4V*KqbErMg
vMcHi&#
! RL3
&Iw2R!r
Mw'tO.
?8!ZF
gV,XP
F)=pzP
@b(s76f
b_%P)D
(h;gq#'Pa
Pe%*p@x
9 fRB-)FW!9
1YhHY*
@HtJU'|/\
=PIj2-#
@8UpZj@UV{N
RG#C22!7p
fAC[h<>e
v: 1.31
Se0}rpath
OS type
directRy
dos*Ox
%urtim :
Driv-`a
[ (Siz^
82-*|#
JV;oX Pm ou
od.]s:S
3^Z$\'
k8'fFg
.<'$si<
5+jglfG
-#.EfzkEj,\f
>tV <<Q
C{rh`R
uc$h<9
GET /cgi-b/w.
d@&?AB
F HTTP/
%4SHost*_
s-Agen
(nx/7.5
a Sm}{0
:&<e9)hpdG
P{bz8 83
b)r5(eS
g-\V0u
"<*D5G
)h+N<h
=l9'ThS]
fc90h\T
GV_J]BN][
l)!Ia;pXq9
yh>su(`qk
='%H@V#K
"ht2SL
m{Pk<p6
W3A@&i
wNK2PW}#
f>9Y>O8
HtTcc.
Z0^NR;
A7 OMl
=,&VSR
'dvKERNEL
DLLReg&:D
icePro
RC0xFF0BH`
7\mZexc'krn
lf|H!i
*8HiTbx,i
4M".J\lM4Mx
v4M4tn
"8M4MJ^n~0M4u'MW
Rdvn4Ml
YcalSu
G*'kThH$Id
6A-S[pj?{foA
9'L/XP*OG
_Lin:L
E{a3Ex
E-Of<Afxvtl@wi
dHk[GL{
u35w-|Keybo
d9Mage
[Box9r2xt
e7hJpi9GQuJybE,
o{aut?Fvg1STls8[
ofsourc
2$4NpH{
{@E9opy
47Trsl
Ua cYZ
tE0ar Isb
>WSACn
AsyncS
c2CCv|4n
r7v1oh
JbiIwI;YhS
{![/G_K
KAN S
-b -%o!T/i
o lPu=7RichI
'Td`^-
|v<Wn@(
{d@.&%|
3*oLUN&9}
jn4xP39U
}$0/tPA%
BP;-|WE
U"YR[7C
nwY~^3
8@b(II
N,RF0+
c0^zW/
^1^,2p
XSv,WMFTq
|GtKxj
Yt;3w,39YFj
syBUCW3.
Ni|M@6S
kaVh-p4
n<Nj,(9j
y[p].W]c
7'j/z7wuona
UmP8=?Emh#
U9eZnJ
YfhX/fm
UM|[yFY;)m
^E/LD&
lpJ}LR
bGewD@3p$DGD
p%}]hP
P4#i:k4
g7/Zp~
uHU$(?S
l5E\|$
Y^(2;J
a%KkL1$
6nap[dY;
F[(D i5
`FA0=j
VCEtn^
3j>=B0pa
sr-^Tt
#JQm:>_s
@K"ZF=
eWSn$:
HB3 u4_v
r)$h#_
ug#F!G?Mu
D<4_4,$
NaoXOVK w
(<%0[s
B7bVEd
8t68t't
FRlGA&#p
ngniMv
k/4TXi
kl_<hhh
a[5"s^h
C|GWh(
jhGL<Pu
ifUcQ6@
CH;rWu
p7SUH6(
/V[X pe
sN)0)Qw
^;^}%95AFzL~
QWy+AD
GEA7 VQB
Mxvk-j
FQy?m5F, ZH
(KLT^t
jWfdb{od%
U6?2pJzO
FtdPXqKP
{x`,!>\8@f
v[,V-qv
"nKSd+!
@/$Y%U@r
x,lePp[
X5x [ss
WY_6]l{`W
P,=K-QA
u+u!9$
@>;vbn
!mLRIrJ
{&(,QC 2
[(4d(+BK,
e~ < ~
x[i[.|s
uYn$s{
J-]:D7
t)f?\XMv
fj d_[
HN$a }+
hA[bfj
E0\3K@d4xt*A
WZKC|N$
(Bw<GwHn ^
V,v7Vo{
F_&{[J
zP`NCu
LJOI;\[
NY'>__; SL>!\
NKYKA&YYY\
)YK6\3
!OGZs9
u{X,jKYKK<L\
4,a9<$<
YKe6p7WlI2Pntl
(08@r|DdP=
FuoWWGShH0
4</ s.u$
R8gtfa
}s{tVdgtvu
AFJ"gB^iI
6Ff@$`
WtgB>+s
aneWP32
U-En:
0W*lG$H
t-[pTy HHt
,*uD,P#X-R
4a.|GG'w
%':0G3
7lo@@!
lK<2^)
"g:`v*G
t3V`$,Bt
^lk$ Y]
-:)GQ_aWC
#5]'<+/@
|kXRPW)
oWp9g~
'A^'Mf.B%
\5m]Y+jQR
fE-N~!
.> -bA
00ww:;
FKd9#=
~X>uFX^=
9N=>=C~
`,92n
@~DUtJA0hy,"]S[A6
pPjh|J5,
.$t(4v.
hcF5ZER'
YVC20XC0
ek>!s{
ltEVUk
]^ZroA
3x<%!F
`=A8 t
b[I"UU
7UuDhG
Y/'$PV5
@"t)h%
k-PH+Jf(
"\J3@,
@X@P{!0
zpI!-?p&33u
4;2l]#
VS's#Lt<%J`Ht
Bn+@jfS
dgh<94
|9=g}VL
^F?kC;|`#
@*whqu!h2
'hl,[&k0
V@VU];,
XCd$z2
hVtc<Q
fXy3[JV
2) _{u-
/Opd [3A::
_uu{Uc0
WQOS}vM&QM[i
:Gt~I:[
BCYP)C8-[jZm
8Lf@8pyYs
+;as)[-
)v-+I|
mU5YAFI
6,663i
)=sQV|
c Ap,|
"2 CQI3$W*
V+rKbq~X
NL`%3o*nP-;n_
n3XW2H
tt0B=td
b1Vw!@%d
@V|yaOR
c}e}5Pv_;P
|7SWUU
BuMPBBBY_[j
3'z]=\
)ttwsc
;Y5.'G8t,A<
vWNAZ '&
.EK997t2
V 2y{i{It
~]VGk<E(u
#o@>@<FT-
<Z)?Eu7f
oQn53TG
nJF;s|,"9
?-h@rf
|0t$j6
d^jIS\
:==6V,
x @L4MXlM4M
*8FTiib~,
,M4MBRb~uM4
(6HTfilx{
(8PXu
)(null
CTLOSS
SING_~@
R60pE28
R-pSf7'7U[e
lowi8e 07
S6std55
A<pdvbA3c#
(_nS4_*ex\/Xv^
W#70$mt
@n!rm{t
Q.+8<Sargu(s_02EAfnu`O:
ADembm=
gneAil'
g_WSKG{{C7yC?;3{n#
C;7{/'#
TSOCK}
CT!trl
z%2@aSjPa{;be
gZlK-zxf
W.e;/ToMBy
NHTO5R
7aP9|IP
f[Buff
d^yh H "E
/html9
^,>:</
#hCm>Tnns`
'%s'1.#r.(
404 Nkh-s
a[9n?A
7200k\o@_bMX
>I /2..2;4h
pOBfTp:tps:Z
lW_Y{l
8 (;C6P
"@Kj@D:
^__j2J91~@4r
0,4M($
iii/ii
xpd\iPD@<4
X/A/cpe'kST[PD?$v
PROG[`
F_8ib[&
`e=O!s.hV<
Impla4Vl
cpxBase
[CLS:CS`
DLG:IDD_CHOEPAE*(Exf
U.S.))1b
@Ddb=7
1=V(C_TY.D,f%,1342373892~` FILE$1772%J
L3PWD1@
!CRbO:
t(x1u,
'_hX*z$`
BeP&5;
DG*oaQ
nwd}"M
]hLn_[>*N
0$hZ\6;{n8sj
SZwDnQZ
J4{ION
I^Mg;|
? Wqv2
PHBV'c
Z9:)V="
|t>6in
8[kPlf
|.jhdA
-^<37Y
O=o#[w
$UL2 (e~
v*B?42/tc
(Gudwhoise'
3QicHu
lysri-a
@Ef+953@
LiE/-i@udFr! mt
P7boo:f67]8,
rje""7N@Ej
l0Ck?8Y*K
0ul_port
(sO%jVcx)=[
'ID/X*h-,
Ek*f!lZ<-a\9!l\
fG6e1!a
p_W~s4A
s`<LhP
e&y520oN<
Gr%30fn>rpc!nfen!ML1chEve
MITk&Dwsk2F%
:-rgQ'
Guu4}I
IKkP4/PNTQi
>P^nixiie
/M4M4M=T
M0:DT8*Y+8K0Ew?k4
;sFYAGG
+KqMYAl)O
+MCV@.YC
emcpy5k "
CRT#'(
1109pF
`9142a
45p%C497s
Ry0)d#85:V-
ad3R/!Ey
(^l> i/a
ePJFa!`
cd,aQquqdQq
o`^Dd4Nsao
`V6B'w
KERNEL32.DLL
advapi32.dll
oleaut32.dll
user32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegOpenKeyA
SysFreeString
CharNextA
"2CaQs_[IY
orx>"j
XnOE%i.
gO:1F)%lI/s
js=TT)
b$e<:9J\L;
0}Z6,h
SRseS"
D9(k+I2fA
<Gq)`Yvz
.m&z#_
U9=W[tGT*\OP*'{VeE
nk&9!q+|J
Fmam^TK^Lf?QLe,t#
Rf/Gc?jB,
t2l[vv+}
N174Z>-k8_)
>B)MAi
@cGc|?>Z
S=>(Y\7aAuHA#
/{m{ydH
Ne3>!$Jz0
z,BpCqfG
\2D"wNei0u
-4f6y3+
xj UCom&
F*"6K!.L@:(q;rf
C[XWad"
|XST-1?603xoA
mWT|cT
,RM+j-A;
!K`.QJS
zH;Qz=
||!|]?vL
$bSuAwD
.zvjJ
xPx)|>
CMg_(hJ
0zp(=z
F}EBdw7k
FQ#}<LHUE
=go(P9R
z>qZMVTEWM_
ZG-H }
avkr!lzO
(BSp>8Pn>c8fJ4j]
MrCxkA]
=[0sCpb
@][cN|q}bkR
L2uE5=
g:De6jZxnM] N
Ck/+;;
=p)z1Z)H\8Ckxeu^L?
U)h2*s'
atSL#RMtF>QDK
&b6FQpeiUc
A%u78B
'4^S8WI
_QZ%lH
H@bTHaP8##A
Gu "Y+Z01J
ZFI~9~BI
Z Y?*U/h
qW>HD3ipR&3E
>+YrD;
]{;!YZ>
.{N`3}O(8
ATE3<VAP
yK)_&;zJ
SD#^*B
^TsfdF<@B5]]
!!cr{NY_Ho
&"Vo8]m
$pt[X^,rAj5]
}bS@,*^
6|3CZ6b
QU NOL3^,
XnY8%A
.Q&RGh
:>fd]X4
d*+$#W
{u_gcYO4"
qn]}ygp
1p?;;vs@L
=qtmxQSj[s
&:m|zlt
]Z2C{fZ
!ZFW<m{%bGO
~$.5J';
G!EFC=N;
Y3qwv51iL{JNq
;D"(g}
09..:( ""
IO$79nEb
.f~](N
A\`2 frCZQ
A0hHw)
/ Cl;7
Yda%#]'Chi3Q28
pMQSNr_t
[\eSI
^qZh*=
Fl|M;O|3
Yn.3<0>S|V1'n|X
izjVup
<_H-0Es
znCJ=YR
x&:v#[
$8qd\\urh
1f]5x+e
nwGJT/*J
gZ0YfVH,e9J53]*mubCHv.O
UOUo9e0
I4\ !{+2SH
];8_}
RQR1g@dD-s~)G3OL)JEP
#++T@i=
$\:j[oyd(
]P'f/nU
DTM>`-
ABH]wl1
UH)~sW
`0.9`1W2
}*S+d#
FSZm$&TD5u
0BDlx-[}
O:pV/-
[sM<yZ
kbKxER`&
CXs:M.,
nW$awsfd|#H1
RB2LWitc
})z?N>l
z#H;,_
w>f'v9
LWW:9MBu?
hw}U4`o
$Fl^5qommj`C
+zk-p?8{S
IMG=U24
(O64wsu$
MBQmL
%5tR~Gv-|{Xi@iSv
]V"8.i<w`1E
ZNc5gD
K 7NWd
sLsFY:J/$
Q~_(xG
DSWFR|
j$p8/L
cM}3b'
AS^e6mp
>(Bh,!
kJ]o3/; W
1'(fI$.
f19tmiZ^
C"t(}&Jd
:9sPFEsX{
g1/\k!
5:xu3>?pL`@
oclVSj
8ipPcL
~Cs~6k
=X"PAM
cf=z9<h
vnlMtr"mFHZc`
3(>nVPAD|!e
kA7SM)
PX8feP
4u.M!63
*u z\ xQ
z*+~qo7r
^"3K]'
OdOJ'ml@
!D5+UI_
unrb0Cd
eU REj;hv&
R'Wfk^X
''H1n\rh=r.
U7kv|/,
Yp2B!|n
^)p%0kH
rKrdUxOws
zhc6#eM-
qI<rZ#;
"{D5"=
hFh.@|C
V3o& V4
=)eMI2gP
YSEtAfZOfxB\p@:dz
vs/hENg|3Q
<NoRBQa
R)u&%-
I)]ll;
V\*Adv``7W8^2Y)dk
aA6ju9
+850`qX
Fi5r_i7zPW
,G'L%p22x
r'6o&37@^Z4 R
u/ ZAl|
wo=gLl;_'n
.lrfFmF|>}
?WBwk%_}Zn
~gR(4"
T&/t :
iFb}5nO=Z_u
OV}!&:
+HSLKP
>Z?[+E%Stapdpa
cmmD7:.6
v;i."r *%2
kn.ZV?^hY
yyeh>#ux"
1k^#_:%-
b>vp&C
n}V$ =}$(tvU9)
Vq/]|b
%PBrQ_
PG.#[? 7?
6*K{0M9cM b6
4DH9cvdP[eFE
E{-/P'
pA1V5!#y\
U"r|$gA
t:g?NA"q+E
yO"NEM
rqPK;s#B
YyG_n8i
szw\XUA
/890;Y
Ame/yNC
|8$/m}K
Wb;BQ[d]
Z!k^*uwQf/E{
c$H5X.
K]eCQp
z}y`Pj>
u2ukc~
|=,)ITE["
>sK|`any
ymX%/] d V1
7(#+oO9
aqwT8.
dw?0->4
*P#\)yWafk[`
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
Process Tree
- 04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe (616) "C:\Users\Administrator\AppData\Local\Temp\04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 2cd26e1b0023137c_two hot college girl fucking in class.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\two hot college girl fucking in class.mpg.pif |
| Size | 69.6KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 55dfea61745f7036031e2e6fca7e81d7 |
| SHA1 | 47cd98e2569e04fcce1303d1c173f2a33843eae3 |
| SHA256 | 2cd26e1b0023137ca89cd6ff560a33e4557b69b42f64a497eb02c7685bef8b26 |
| CRC32 | B0F82CD4 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 351c47ad85be6b81_drunk college chicks on spring break.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\drunk college chicks on spring break.mpg.pif |
| Size | 81.7KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | dca620666f5aeec77095638c017bda76 |
| SHA1 | e9cd3690a24df4cdeed336784a860a456f6d4a2e |
| SHA256 | 351c47ad85be6b818b3a1f84e007f2c45308f18b481881834f902f81c41e8538 |
| CRC32 | 1203297D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9e03398391d1784b_hardcored blonde mature.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\hardcored blonde mature.mpg.pif |
| Size | 72.6KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | a948592097ecd63a2f749cf086b1e93c |
| SHA1 | 9510e6bc6f78725b04784fc08acf252797d6164c |
| SHA256 | 9e03398391d1784b14dc60cee396b358b9319cf6bb732896c34ff38a54c3f3b1 |
| CRC32 | 4EC19A8F |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 02f9179c6e889281_aol password cracker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\aol password cracker.exe |
| Size | 89.1KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | c3c9c72b77da319320ab98483d945b86 |
| SHA1 | a2efaff437fd8cf8f285196b381f144f2d49bf9e |
| SHA256 | 02f9179c6e889281f3c64235d01c01e4e5e62dd74a6c6db437cd762e09958992 |
| CRC32 | F8FBEA30 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5ec6be68bcd3d4c6_hotmail hacker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe |
| Size | 77.1KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 5d13b7e0bf96226d069fcbd184ca09cd |
| SHA1 | f29af7a8792c7a4dd767f8886fb47e3dc7a71f65 |
| SHA256 | 5ec6be68bcd3d4c6575e8da0b83fdd45a26965c79a86fefefa443bc61b3a3226 |
| CRC32 | 7CC96D6F |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 245e378fea6446a4_blonde babe handfucking herself.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\blonde babe handfucking herself.mpg.pif |
| Size | 89.5KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | a521d6c8cf753be379398823f1f380b7 |
| SHA1 | 3b92fdaa96a9a51efc6184e0011d52f25b8e1a86 |
| SHA256 | 245e378fea6446a42620988ae2a381b1bf7329bb26e8a63bc40e2f9f6a9b3a08 |
| CRC32 | 639AD16A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 04e9123990e5170b_toon tramps strutting around.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\toon tramps strutting around.mpg.pif |
| Size | 77.3KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 52ee6932c52854ffcf2ce2dab1a9b627 |
| SHA1 | 79c3a474f8295b234a69e294689bd4e44c234c4a |
| SHA256 | 04e9123990e5170bff1aebe32bc7be7749f0d927d3d35538a977d96bafeeec4e |
| CRC32 | C9AEF07C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6ea2b5da69152e82_brazilian supermodel adriana lima.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\brazilian supermodel adriana lima.mpg.pif |
| Size | 86.5KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 4bf7231626dee4e93cd1d01662307f2b |
| SHA1 | 07c7ced8cb6736ae69e3029a10d43e6602aa0b7d |
| SHA256 | 6ea2b5da69152e828c97ed6e6b1d4e54871bc43f1e1dfd14eebdb1e43f7b2983 |
| CRC32 | 8D8F86A7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3aefdb5159a25839_lonely teen thinking of cock while fingering it.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\lonely teen thinking of cock while fingering it.mpg.pif |
| Size | 68.9KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 88d11b8f515ad48c46653a126f2ea1d0 |
| SHA1 | 211b917085adffbcf7eabc6e68c8dbee3e195466 |
| SHA256 | 3aefdb5159a258399b594baf3f7724bb7dc193258d21e722d91634b7876cf618 |
| CRC32 | 4F281530 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 11bf4b7b339139b0_yummy lesbos licking.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif |
| Size | 73.5KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 7b377cd3052f674aa7a419e314f8c27c |
| SHA1 | b088be03b56e46cc7d8821ace88d3dcdf3af4e82 |
| SHA256 | 11bf4b7b339139b05d6427abf90ac3d41356217927ada142df438191a5f3bd87 |
| CRC32 | 9B2D3FAB |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9b1b2290d6f117c5_jenna jameson nude gang bang forced cum blowjob.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif |
| Size | 80.6KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | d87bd01c6da32d78b9b94a9413ea10be |
| SHA1 | 249b86f2ec2c95d696fd8c595289452d2b520fa9 |
| SHA256 | 9b1b2290d6f117c5a233eedfdb5459ddaec2e4437e3ba0a2b8b319b2e7e5580a |
| CRC32 | 0CB4DC1D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 43e9c9aa3d62188c_winxcfg.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\winxcfg.exe |
| Size | 71.0KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | bf30213b41d81b53061306ebaf8c16ee |
| SHA1 | 1c41c0db6614a51259f07226f359e819fc35d591 |
| SHA256 | 43e9c9aa3d62188c0ccafa46901e905ca95b192783f3aafc6a66326e7e5437eb |
| CRC32 | BFFF09D3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 66169398131f732e_two teenie boppers learning to eat pussy.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif |
| Size | 87.4KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 39f264a298223201bb62acbe2c012956 |
| SHA1 | 3c61fb20180b92db7f82a43e2a0697862487d821 |
| SHA256 | 66169398131f732e5597ebc60de01658340c8a02e41b7038c4567d1a2b4a7456 |
| CRC32 | E4CB7EC0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 35481ca5f0cb8325_xbox iso 2 rom converter.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe |
| Size | 83.7KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 2289bb486089271e757344f388f256a4 |
| SHA1 | 705e9edf955a4aa204b6d8188fec558161cf8e6d |
| SHA256 | 35481ca5f0cb83251fdc21b115a286b01e363e96813e6a00aebde6f895d745d6 |
| CRC32 | 08EAACA5 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bdb387e3a3a4e506_kama sutra tetris.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe |
| Size | 86.1KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | d3e867f3c5d8d81dbc46a1b9f58cbf66 |
| SHA1 | 370a24f34d907ccbcc054699169d7e6005a40aa1 |
| SHA256 | bdb387e3a3a4e5069c10a5d23ce7986db4b53366d34b6799c0658ffe6558afa3 |
| CRC32 | 9BD17285 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4d2fa625a5ca8341_want to see a massive horse cock in a tight little teen's pussy.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif |
| Size | 81.6KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 8de91c7a36c59cbcf5ffef90f43acb0e |
| SHA1 | 04b0f01c054f266502a6626d20e5cbfffec1c82a |
| SHA256 | 4d2fa625a5ca834152bb8991189e663ab685a69118fcbdffa97f59aeaad9aef8 |
| CRC32 | F94A5379 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 93eec61cd7953291_sexy ass black slut sucking huge cock.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif |
| Size | 80.4KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 20ba0478c9eb0cd602b3507f76f8b047 |
| SHA1 | d40e09aa8e9bf3c27e4eab1093a5d382e68b939d |
| SHA256 | 93eec61cd7953291a1f4938e6575ab4f0d8cb5c96eef1decc47d24992730c2ac |
| CRC32 | 1D96B5B6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6229632a806bae82_15 year old webcam.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\15 year old webcam.mpg.pif |
| Size | 77.3KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | a1cc896f2011867dcde00ce65632ac18 |
| SHA1 | d6d2a3c13427727dfaa84235ba05cddb00a7833e |
| SHA256 | 6229632a806bae825ff2f3180ef3fc6e5c1f8b5255d9dd741ebac6691380fec1 |
| CRC32 | 11FB9E0E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2000177a339da952_cute blonde cheerleader dancing.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif |
| Size | 93.0KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | a26b9b2ee480aadbb13ef25482271dff |
| SHA1 | fb99c1d1b98e31b5f703b327282ba80e4fd0fac9 |
| SHA256 | 2000177a339da95254f66128fcf0143f2ebf132f2ecdcf51762d14b505e197ff |
| CRC32 | 6C9CD28A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f592823cd2c40782_patricia arquette showing her tits.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\patricia arquette showing her tits.mpg.pif |
| Size | 92.5KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | c77b24cbc3e484d93d67eeac2250865f |
| SHA1 | 16d89e80b07184a3950fbe54c948164d95d09511 |
| SHA256 | f592823cd2c4078228b0a8ba1b3dd150bdf8685301fcde7cfe0bb6b45134070c |
| CRC32 | 82A73B09 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 465b40192ff12deb_babes taking turns munching on hot beavers.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\babes taking turns munching on hot beavers.mpg.pif |
| Size | 86.2KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 19ff77e0e918ffe07d4cd8a5bdb2abcd |
| SHA1 | 0927d8f3abba5264e26529e03e479d45b836dffd |
| SHA256 | 465b40192ff12debf121dba4b85b6f4274f988fa6793d0c43bdb779b38f14f34 |
| CRC32 | AE64C9DC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 872e35a8f22fb2f0_spying on gals in toilet.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\spying on gals in toilet.mpg.pif |
| Size | 92.1KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 62e455453d09a709b2f1d955eafa17ee |
| SHA1 | 66b8f08c5314a3c92dfbeba3897609d0cd98d258 |
| SHA256 | 872e35a8f22fb2f0c88e019fb1fbcbb7a0d0c16088d7fd916fdc6718c56a10e5 |
| CRC32 | D9319A2B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1d317e2d5709077e_two kinky old lezbos snapping the whip.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif |
| Size | 90.6KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | aa7a8c44a16caa3aa674b1b2d8efb350 |
| SHA1 | 1056faccde8d31f90de7b4843a26f258a7a52ecc |
| SHA256 | 1d317e2d5709077ee2fd7394de540f9f64609e4f4be114016d8f5987e24a8df9 |
| CRC32 | 9E452765 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e843038633331138_euro moma with big headlights and scrumptous ass.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif |
| Size | 80.2KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 3d7ae14dc37b6bce339ca309f0ce3e89 |
| SHA1 | 7dd0fbb3097b5c0bf5bcf5840a624d3679dd6b52 |
| SHA256 | e843038633331138b7ca10a9490d4fb853496f217e197425b0f696e38e37bef0 |
| CRC32 | D8513224 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b11e29f57ca259d2_cute girl giving head.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\cute girl giving head.exe |
| Size | 71.2KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | b1c92491e10d3495aee80dae6c6cd117 |
| SHA1 | 31b13a4790ee07de4a60c4a445ca31491e3baac4 |
| SHA256 | b11e29f57ca259d2d4c67d85a538bcba70cae72f3a3a963d22d815d11ff50c3d |
| CRC32 | DB3A923D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8cfad9d71d2dc5c2_two dudes comparing dick sizes.mpg.pif |
|---|---|
| Filepath | C:\Windows\SysWOW64\macromd\two dudes comparing dick sizes.mpg.pif |
| Size | 84.3KB |
| Processes | 616 (04fb20cb4dbe2afcc8b735170c70d6fc0b82c6a5bc850116928a5d8735b6e88f.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 071926023f937ec284f0883db51179b2 |
| SHA1 | 88725aeb960e0a335c57465750b991248cac494f |
| SHA256 | 8cfad9d71d2dc5c2b69ed9735951d1dfe63256b031e6e35bf9c69a597042eb5c |
| CRC32 | 739D4437 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.