File SpeedyFoxPortable_2.0.23_English.paf.exe

Size 928.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 169e0f77789917cc8f544e8b647f3433
SHA1 fa5908bf8901acba1e3bc781d6a3d685256df1cd
SHA256 1c388c2015eece5e923e901e7d9e6999c9637689a31e921857ed3c259bb49484
SHA512 41bc9b9393ee89ba1e7187d83635884b5eb09b8d491060b46e54ef9ee87fb8b9048c621f45af5b9ba2555430896769ede1de19581aeaafa69f22f4ff66f6daa8
CRC32 564EA851
ssdeep 24576:O69D6UQRCVlQQnLvoaKfFYVD6R4l3UxWex:p9mCVlQQLvoD+QylEUex
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule looks for base64 strings
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
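The generic YARA matches above (IsPE32, IsWindowsGUI, IsPacked via an entropy check, HasOverlay) name what they test without showing what is computed. The block below is an added example, not the rule set this report ran and not code from SpeedyFox, NSIS or PortableApps.com: a minimal PE32 parser that answers the same four questions, run against a constructed image shaped the way an NSIS installer is laid out (a small stub section, an empty `.ndata` section, and a high-entropy payload appended after the last section as overlay). The 7.0 bits-per-byte packing threshold, the `build_pe` helper used to construct the input, and the `.ndata` heuristic are assumptions of this example, not anything the page states.

```python
"""Re-implementation of the IsPE32 / IsWindowsGUI / IsPacked / HasOverlay checks.
Added example; not the report's YARA rules. Thresholds are assumptions."""
import math
import random
import struct
from collections import Counter

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0" read as little-endian uint32
PE32_MAGIC = 0x10B
SUBSYSTEM_WINDOWS_GUI = 2
PACKED_ENTROPY_THRESHOLD = 7.0    # assumption: above this a region looks compressed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n, counts = len(data), Counter(data)
    if len(counts) == 1:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def pe_triage(data: bytes) -> dict:
    """Parse just enough of the PE headers to evaluate the four checks."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms,
    # SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+

    regions, end_of_image = [], 0
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        regions.append((name.rstrip(b"\0").decode("ascii", "replace"),
                        shannon_entropy(data[raw_ptr:raw_ptr + raw_size])))
        end_of_image = max(end_of_image, raw_ptr + raw_size)
    overlay = data[end_of_image:]           # HasOverlay: bytes past the last section's raw data
    overlay_entropy = shannon_entropy(overlay)
    return {
        "is_pe32": magic == PE32_MAGIC,
        "machine": machine,
        "is_gui": subsystem == SUBSYSTEM_WINDOWS_GUI,
        "sections": regions,
        "has_overlay": len(overlay) > 0,
        "overlay_size": len(overlay),
        "overlay_entropy": overlay_entropy,
        "is_packed": max([e for _, e in regions] + [overlay_entropy]) > PACKED_ENTROPY_THRESHOLD,
        "nsis_hint": any(n == ".ndata" for n, _ in regions),   # assumption: NSIS stub section name
    }


def build_pe(sections, overlay=b"", subsystem=SUBSYSTEM_WINDOWS_GUI) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 from (name, bytes) pairs."""
    file_align, e_lfanew, opt_size = 0x200, 0x40, 224
    headers_size = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    headers_size = (headers_size + file_align - 1) // file_align * file_align
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE).ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, 0x00400000)    # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)        # SectionAlignment
    struct.pack_into("<I", opt, 36, file_align)    # FileAlignment
    struct.pack_into("<I", opt, 60, headers_size)  # SizeOfHeaders
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    headers, bodies, raw_ptr, va = b"", b"", headers_size, 0x1000
    for name, body in sections:
        raw_size = (len(body) + file_align - 1) // file_align * file_align
        headers += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(body), va,
                               raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += body.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += max(0x1000, (raw_size + 0xFFF) & ~0xFFF)
    image = (dos + b"PE\0\0" + coff + bytes(opt) + headers).ljust(headers_size, b"\0")
    return image + bodies + overlay


def triage_constructed_sample() -> dict:
    """NSIS-shaped input: tiny stub, empty .ndata, 16 KiB pseudo-random overlay (constructed)."""
    rng = random.Random(2019)
    payload = bytes(rng.getrandbits(8) for _ in range(0x4000))  # stands in for a compressed archive
    stub = b"\x55\x8b\xec\x83\xec\x10" * 200
    return pe_triage(build_pe([(".text", stub), (".ndata", b"")], overlay=payload))


if __name__ == "__main__":
    for key, value in triage_constructed_sample().items():
        print(f"{key}: {value}")
```

On the constructed input all four checks fire for the same reason they fire on an NSIS installer: the stub sections are low-entropy, and the compressed payload lives in the overlay, so "packed" here means "carries an archive", not "obfuscated code".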

Score

This file shows numerous signs of malicious behavior.

The score of this file is 2.2 out of 10.

That banner overstates what the evidence on this page supports. Every matched signature below is the behaviour expected of an NSIS-built PortableApps.com installer (.paf.exe): the .ndata section, the nsx3.tmp plugin directory holding System.dll and nsDialogs.dll, the free-space query before extraction, and a single 4 KiB page at 0x10004000 (the range a DLL linked at the default image base 0x10000000 would occupy) made executable in the installer's own process. None of the listed signatures shows persistence, network activity or writes outside the user's Temp directory. The four PEiD matches (a dUP patcher, Petite, StarForce and Visual C++ 8) cannot all be true of one binary and reflect short, generic byte patterns rather than an identified packer.

Please notice: the scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category: FILE
Started: Jan. 9, 2019, 10:33 a.m.
Completed: Jan. 9, 2019, 10:38 a.m.
Duration: 292 seconds

Machine

Name: winxpsp3pro32
Label: winxpsp3pro32
Started On: 2019-01-09 10:33:55
Shutdown On: 2019-01-09 10:38:07

Analyzer Log

2019-01-09 03:11:55,015 [analyzer] DEBUG: Starting analyzer from: C:\kxswn
2019-01-09 03:11:55,015 [analyzer] DEBUG: Pipe server name: \\.\PIPE\dtzkKqomcfnPqRfYGUPTz
2019-01-09 03:11:55,015 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\XSWZGuXtePVsNgGexMwojIhUQVYz
2019-01-09 03:11:55,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2019-01-09 03:11:55,015 [analyzer] INFO: Automatically selected analysis package "exe"
2019-01-09 03:11:56,717 [analyzer] DEBUG: Started auxiliary module Disguise
2019-01-09 03:11:56,858 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:56,858 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:56,921 [analyzer] DEBUG: Loaded monitor into process with pid 692
2019-01-09 03:11:56,921 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-01-09 03:11:56,921 [analyzer] DEBUG: Started auxiliary module Human
2019-01-09 03:11:56,921 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-01-09 03:11:56,921 [analyzer] DEBUG: Started auxiliary module Reboot
2019-01-09 03:11:57,203 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-01-09 03:11:57,203 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-01-09 03:11:57,312 [lib.api.process] INFO: Successfully executed process from path u'C:\\DOCUME~1\\zamen\\LOCALS~1\\Temp\\SpeedyFoxPortable_2.0.23_English.paf.exe' with arguments '' and pid 1440
2019-01-09 03:11:57,421 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:57,421 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:57,546 [analyzer] DEBUG: Loaded monitor into process with pid 1440
2019-01-09 03:11:57,578 [analyzer] DEBUG: Received request to inject pid=1440, but we are already injected there.
2019-01-09 03:11:57,687 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsr2.tmp
2019-01-09 03:11:57,765 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\System.dll
2019-01-09 03:11:57,905 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\FindProcDLL.dll
2019-01-09 03:11:58,092 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\modern-header.bmp
2019-01-09 03:11:58,125 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\modern-wizard.bmp
2019-01-09 03:11:58,437 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\nsDialogs.dll
2019-01-09 03:11:59,125 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:01,250 [modules.auxiliary.human] INFO: Found button "&Install", clicking it
2019-01-09 03:12:02,280 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\w7tbp.dll
2019-01-09 03:12:02,390 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\SpeedyFoxPortable.exe
2019-01-09 03:12:02,405 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\help.html
2019-01-09 03:12:02,421 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\Readme.txt
2019-01-09 03:12:02,437 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon.ico
2019-01-09 03:12:02,453 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_128.png
2019-01-09 03:12:02,453 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_16.png
2019-01-09 03:12:02,467 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_32.png
2019-01-09 03:12:02,483 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_75.png
2019-01-09 03:12:02,483 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appinfo.ini
2019-01-09 03:12:02,483 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\pac_installer_log.ini
2019-01-09 03:12:02,500 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\Launcher\Custom.nsh
2019-01-09 03:12:02,515 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\Launcher\SpeedyFoxPortable.ini
2019-01-09 03:12:02,515 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\DefaultData\preferences.xml
2019-01-09 03:12:02,733 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\SpeedyFox\speedyfox.exe
2019-01-09 03:12:02,875 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Donation_Button.png
2019-01-09 03:12:02,875 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Favicon.ico
2019-01-09 03:12:02,875 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Background_Footer.png
2019-01-09 03:12:02,890 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Background_Header.png
2019-01-09 03:12:02,890 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Logo_Top.png
2019-01-09 03:12:02,905 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\AppNamePortable.ini
2019-01-09 03:12:02,905 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\LauncherLicense.txt
2019-01-09 03:12:02,921 [analyzer] INFO: Added new file to list with pid 1440 and path C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\Readme.txt
2019-01-09 03:12:03,375 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:05,437 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:07,500 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:09,562 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:11,625 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:13,687 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:15,750 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:17,812 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:19,875 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:21,937 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:24,000 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:26,062 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:28,125 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:30,187 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:32,250 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:34,312 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:36,375 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:38,437 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:40,500 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:42,562 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:44,625 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:46,687 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:48,750 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:50,812 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:52,875 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:54,937 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:57,000 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:12:59,062 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:01,125 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:03,187 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:05,250 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:07,312 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:09,375 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:11,437 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:13,500 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:15,562 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:17,625 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:19,687 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:21,750 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:23,812 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:25,875 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:27,937 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:30,000 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:32,062 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:34,171 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:36,233 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:38,296 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:40,375 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:42,437 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:44,500 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:46,562 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:48,640 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:50,703 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:52,765 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:54,828 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:56,905 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:13:58,967 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:01,030 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:03,092 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:05,171 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:07,233 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:09,296 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:11,358 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:13,421 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:15,483 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:17,546 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:19,608 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:21,671 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:23,750 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:25,812 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:27,875 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:29,937 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:32,000 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:34,062 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:36,125 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:38,187 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:40,265 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:42,328 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:44,390 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:46,453 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:48,515 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:50,592 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:52,655 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:54,717 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:56,780 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:14:58,842 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:00,921 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:03,015 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:05,078 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:07,140 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:09,203 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:11,265 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:13,328 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:15,390 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:17,483 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:19,546 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:21,608 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:23,671 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:25,733 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:27,812 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:29,875 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:31,937 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:34,000 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:36,062 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:38,125 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:40,187 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:42,265 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:44,328 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:46,390 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:48,453 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:50,515 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:52,578 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:54,640 [modules.auxiliary.human] INFO: Found button "&Run SpeedyFox Portable", clicking it
2019-01-09 03:15:56,467 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2019-01-09 03:15:56,467 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-01-09 03:15:56,467 [lib.api.process] INFO: Successfully terminated process with pid 1440.
2019-01-09 03:15:56,530 [analyzer] WARNING: File at path "u'c:\\documents and settings\\zamen\\local settings\\temp\\nsr2.tmp'" does not exist, skip.
2019-01-09 03:15:56,733 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-01-09 10:33:55,500 [lib.cuckoo.core.scheduler] INFO: Task #624: acquired machine winxpsp3pro32 (label=winxpsp3pro32)
2019-01-09 10:33:55,738 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 5149 (interface=eth2, host=192.168.128.102, pcap=/opt/cuckoo/storage/analyses/624/dump.pcap)
2019-01-09 10:33:59,042 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=winxpsp3pro32, ip=192.168.128.102)
2019-01-09 10:38:06,756 [lib.cuckoo.core.guest] INFO: winxpsp3pro32: analysis completed successfully
2019-01-09 10:40:01,076 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-01-09 10:40:08,709 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50aa3750>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 10:40:08,710 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50aa3f90>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 10:40:08,711 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50aa3a10>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 10:40:08,712 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50aa36d0>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 10:40:08,712 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9b50aa36d0>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9b50aa36d0>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

The executable has PE anomalies (could be a false positive) (1 event)
section .ndata
This one is a false positive for this sample: .ndata is the section name the NSIS installer stub uses for its uninitialized data, and the nsx3.tmp plugin directory, System.dll and nsDialogs.dll dropped below are the same toolkit's runtime files.
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Both events change the protection of the same 4 KiB page in the installer's own process: process_handle 0xffffffff is the GetCurrentProcess() pseudo-handle, so this is not a write into another process. The address lies in the region a DLL linked with the default image base 0x10000000 would occupy.
Time: Jan. 9, 2019, 12:11 a.m.
API: NtProtectVirtualMemory
Arguments:
  base_address: 0x10004000
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_identifier: 1440
  process_handle: 0xffffffff
Status: success, Return: 0, Repeated: 0
Time: Jan. 9, 2019, 12:11 a.m.
API: NtProtectVirtualMemory
Arguments:
  base_address: 0x10004000
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_identifier: 1440
  process_handle: 0xffffffff
Status: success, Return: 0, Repeated: 0
Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk (4 events)
Time: Jan. 9, 2019, 12:12 a.m.
API: GetDiskFreeSpaceExW
total_number_of_free_bytes: 18093906989154308
free_bytes_available: 193654783976932105
root_path: C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable
total_number_of_bytes: 563886256291840
status: failed, return: 0, repeated: 0
Time: Jan. 9, 2019, 12:12 a.m.
API: GetDiskFreeSpaceExW
total_number_of_free_bytes: 24103710720
free_bytes_available: 24103710720
root_path: C:\Documents and Settings\zamen\Local Settings\Temp\
total_number_of_bytes: 31453437952
status: success, return: 1, repeated: 0
Time: Jan. 9, 2019, 12:12 a.m.
API: GetDiskFreeSpaceExW
total_number_of_free_bytes: 5339348723570775
free_bytes_available: 845431476544928
root_path: C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable
total_number_of_bytes: 5340688753360896
status: failed, return: 0, repeated: 0
Time: Jan. 9, 2019, 12:12 a.m.
API: GetDiskFreeSpaceExW
total_number_of_free_bytes: 24103710720
free_bytes_available: 24103710720
root_path: C:\Documents and Settings\zamen\Local Settings\Temp\
total_number_of_bytes: 31453437952
status: success, return: 1, repeated: 0
Creates executable files on the filesystem (6 events)
file C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\SpeedyFox\speedyfox.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\FindProcDLL.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\System.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\w7tbp.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\nsDialogs.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\SpeedyFoxPortable.exe
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
Bkav: HW32.Packed.
Trapmine: malicious.moderate.ml.score
The binary likely contains encrypted or compressed data. (2 events)
section .rsrc (virtual_address 0x00056000, virtual_size 0x00019990, size_of_data 0x00019a00) entropy 7.53322380718 description A section with a high entropy has been found
entropy 0.762081784387 description Overall entropy of this PE file is high

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

Process SpeedyFoxPortable_2.0.23_English.paf.exe (1440)

  • Opened files

    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\DefaultData
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\modern-header.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable_2.0.23_English.paf.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other
    • C:\WINDOWS\system32\oleaccrc.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\pac_installer_log.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\modern-wizard.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\Launcher
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\SpeedyFox
  • Written files

    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\AppNamePortable.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\modern-header.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\Readme.txt
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\System.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Background_Header.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_16.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appinfo.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Background_Footer.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\DefaultData\preferences.xml
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\Launcher\SpeedyFoxPortable.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\pac_installer_log.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\w7tbp.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\Launcher\Custom.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\SpeedyFoxPortable.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\help.html
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\SpeedyFox\speedyfox.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Favicon.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\LauncherLicense.txt
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\FindProcDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_128.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\Readme.txt
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsr2.tmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\modern-wizard.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_75.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\nsDialogs.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_32.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Donation_Button.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Logo_Top.png
  • Files Read

    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\pac_installer_log.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsr2.tmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable_2.0.23_English.paf.exe

Process SpeedyFoxPortable_2.0.23_English.paf.exe (1440)

  • Registry keys opened

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\AppLogLevels
    • HKEY_CLASSES_ROOT\Directory
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530e-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\SpeedyFoxPortable_2.0.23_English.paf.exe
    • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
    • HKEY_CURRENT_USER\Control Panel\Desktop
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    • HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    • HKEY_CLASSES_ROOT\Folder
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530a-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
    • HKEY_LOCAL_MACHINE\System\Setup
    • HKEY_LOCAL_MACHINE\System\WPA\PnP
    • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
    • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Debug
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\(Default)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle
    • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530d-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530b-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT\UserEra
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\(Default)
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • Registry keys written

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530e-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530d-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530a-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530b-636a-11e6-ba0d-806d6172696f}\BaseClass
  • Registry keys read

    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewScrollOver
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Domain
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\DriverCachePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopDebugLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32\(Default)
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OsLoaderPath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewWatermark
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogPath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateProcess
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath
    • HKEY_LOCAL_MACHINE\SYSTEM\WPA\PnP\seed
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopLogging
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogLevel
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Hostname
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductType
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewScrollOver
    • HKEY_CURRENT_USER\Control Panel\Desktop\LameButtonText
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateObject
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local Settings
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ChkAccDebugLevel
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt

Process SpeedyFoxPortable_2.0.23_English.paf.exe (1440)

  • Mutexes accessed

    • oleacc-msaa-loaded
    • MSCTF.Shared.MUTEX.EFG

Process SpeedyFoxPortable_2.0.23_English.paf.exe (1440)

  • Directories created

    • C:\Documents and Settings
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\SpeedyFox
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\DefaultData
    • C:\Documents and Settings\zamen\Local Settings\Temp\
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo
    • C:\Documents and Settings\zamen\Local Settings\Temp
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\Launcher
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp
    • C:\Documents and Settings\zamen\Local Settings
    • C:\Documents and Settings\zamen
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Data
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help
  • Directories enumerated

    • C:\Documents and Settings
    • C:\Program Files\Microsoft Office\Office12
    • C:\WINDOWS\system32\ctfmon.exe
    • C:\WINDOWS\explorer.exe
    • C:\Python27\pythonw.exe
    • E:\PortableApps
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other
    • C:\Program Files\Java\jre7\bin\jqs.exe
    • C:\Program Files\Java\jre7
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.com\PortableAppsPlatform.exe
    • C:\WINDOWS
    • C:\PortableApps
    • C:\WINDOWS\system32\svchost.exe
    • C:\Documents and Settings\zamen\Local Settings
    • C:\Documents and Settings\zamen\PortableApps\*.*
    • C:\WINDOWS\system32
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\*.*
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\*.*
    • C:\Python27
    • C:\Documents and Settings\zamen\Local Settings\Temp
    • C:\WINDOWS\system32\services.exe
    • C:\Program Files\Java
    • C:\WINDOWS\system32\lsass.exe
    • C:\Documents and Settings\zamen
    • C:\Program Files\Common Files\Java
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\*.*
    • C:\Program Files\Java\jre7\bin
    • C:\WINDOWS\system32\spoolsv.exe
    • C:\WINDOWS\system32\alg.exe
    • C:\Program Files\Common Files\Java\Java Update\jusched.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable

Process SpeedyFoxPortable_2.0.23_English.paf.exe (1440)

  • DLLs Loaded

    • C:\WINDOWS\system32\APPHELP.dll
    • C:\WINDOWS\system32\USERENV.dll
    • C:\WINDOWS\system32\SHELL32.dll
    • kernel32.dll
    • UxTheme.dll
    • oleaut32.dll
    • C:\WINDOWS\system32\OLEACC.dll
    • C:\WINDOWS\system32\CRYPTBASE.dll
    • C:\WINDOWS\system32\browseui.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsx3.tmp\nsDialogs.dll
    • OLEAUT32.DLL
    • ole32.dll
    • C:\WINDOWS\system32\UXTHEME.dll
    • C:\WINDOWS\system32\DWMAPI.dll
    • C:\WINDOWS\system32\RichEd20.dll
    • C:\WINDOWS\system32\PROPSYS.dll
    • C:\WINDOWS\system32\SETUPAPI.dll
    • C:\WINDOWS\system32\SHFOLDER.dll
    • SHELL32.dll
    • PSAPI.DLL
    • C:\WINDOWS\system32\CLBCATQ.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsx3.tmp\w7tbp.dll
    • browseui.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsx3.tmp\FindProcDLL.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsx3.tmp\System.dll
    • shell32.dll
    • SETUPAPI.dll

PE Compile Time

2018-01-29 22:57:41

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00006409 0x00006600 6.4162226664
.rdata 0x00008000 0x0000138e 0x00001400 5.14383173215
.data 0x0000a000 0x00020358 0x00000600 4.00440232134
.ndata 0x0002b000 0x0002b000 0x00000000 0.0
.rsrc 0x00056000 0x00019990 0x00019a00 7.53322380718

Imports

Library KERNEL32.dll:
0x408070 ExitProcess
0x408074 SetFileAttributesW
0x408078 Sleep
0x40807c GetTickCount
0x408080 CreateFileW
0x408084 GetFileSize
0x408088 GetModuleFileNameW
0x40808c GetCurrentProcess
0x408094 GetFileAttributesW
0x4080a0 GetTempPathW
0x4080a4 GetCommandLineW
0x4080a8 GetVersion
0x4080ac SetErrorMode
0x4080b0 lstrlenW
0x4080b4 lstrcpynW
0x4080b8 CopyFileW
0x4080bc GetShortPathNameW
0x4080c0 GlobalLock
0x4080c4 CreateThread
0x4080c8 GetLastError
0x4080cc CreateDirectoryW
0x4080d0 CreateProcessW
0x4080d4 RemoveDirectoryW
0x4080d8 lstrcmpiA
0x4080dc GetTempFileNameW
0x4080e0 WriteFile
0x4080e4 lstrcpyA
0x4080e8 MoveFileExW
0x4080ec lstrcatW
0x4080f0 GetSystemDirectoryW
0x4080f4 GetProcAddress
0x4080f8 GetModuleHandleA
0x4080fc GetExitCodeProcess
0x408100 WaitForSingleObject
0x408104 lstrcmpiW
0x408108 MoveFileW
0x40810c GetFullPathNameW
0x408110 SetFileTime
0x408114 SearchPathW
0x408118 CompareFileTime
0x40811c lstrcmpW
0x408120 CloseHandle
0x408128 GlobalFree
0x40812c GlobalUnlock
0x408130 GetDiskFreeSpaceW
0x408134 GlobalAlloc
0x408138 FindFirstFileW
0x40813c FindNextFileW
0x408140 DeleteFileW
0x408144 SetFilePointer
0x408148 ReadFile
0x40814c FindClose
0x408150 lstrlenA
0x408154 MulDiv
0x408158 MultiByteToWideChar
0x40815c WideCharToMultiByte
0x408168 FreeLibrary
0x40816c LoadLibraryExW
0x408170 GetModuleHandleW
Library USER32.dll:
0x408194 GetSystemMenu
0x408198 SetClassLongW
0x40819c EnableMenuItem
0x4081a0 IsWindowEnabled
0x4081a4 SetWindowPos
0x4081a8 GetSysColor
0x4081ac GetWindowLongW
0x4081b0 SetCursor
0x4081b4 LoadCursorW
0x4081b8 CheckDlgButton
0x4081bc GetMessagePos
0x4081c0 LoadBitmapW
0x4081c4 CallWindowProcW
0x4081c8 IsWindowVisible
0x4081cc CloseClipboard
0x4081d0 SetClipboardData
0x4081d4 EmptyClipboard
0x4081d8 OpenClipboard
0x4081dc ScreenToClient
0x4081e0 GetWindowRect
0x4081e4 GetDlgItem
0x4081e8 GetSystemMetrics
0x4081ec SetDlgItemTextW
0x4081f0 GetDlgItemTextW
0x4081f4 MessageBoxIndirectW
0x4081f8 CharPrevW
0x4081fc CharNextA
0x408200 wsprintfA
0x408204 DispatchMessageW
0x408208 PeekMessageW
0x40820c ReleaseDC
0x408210 EnableWindow
0x408214 InvalidateRect
0x408218 SendMessageW
0x40821c DefWindowProcW
0x408220 BeginPaint
0x408224 GetClientRect
0x408228 FillRect
0x40822c DrawTextW
0x408230 EndDialog
0x408234 RegisterClassW
0x40823c CreateWindowExW
0x408240 GetClassInfoW
0x408244 DialogBoxParamW
0x408248 CharNextW
0x40824c ExitWindowsEx
0x408250 DestroyWindow
0x408254 GetDC
0x408258 SetTimer
0x40825c SetWindowTextW
0x408260 LoadImageW
0x408264 SetForegroundWindow
0x408268 ShowWindow
0x40826c IsWindow
0x408270 SetWindowLongW
0x408274 FindWindowExW
0x408278 TrackPopupMenu
0x40827c AppendMenuW
0x408280 CreatePopupMenu
0x408284 EndPaint
0x408288 CreateDialogParamW
0x40828c SendMessageTimeoutW
0x408290 wsprintfW
0x408294 PostQuitMessage
Library GDI32.dll:
0x40804c SelectObject
0x408050 SetBkMode
0x408054 CreateFontIndirectW
0x408058 SetTextColor
0x40805c DeleteObject
0x408060 GetDeviceCaps
0x408064 CreateBrushIndirect
0x408068 SetBkColor
Library SHELL32.dll:
0x40817c ShellExecuteExW
0x408184 SHBrowseForFolderW
0x408188 SHGetFileInfoW
0x40818c SHFileOperationW
Library ADVAPI32.dll:
0x408004 RegCreateKeyExW
0x408008 RegOpenKeyExW
0x40800c SetFileSecurityW
0x408010 OpenProcessToken
0x408018 RegEnumValueW
0x40801c RegDeleteKeyW
0x408020 RegDeleteValueW
0x408024 RegCloseKey
0x408028 RegSetValueExW
0x40802c RegQueryValueExW
0x408030 RegEnumKeyW
Library COMCTL32.dll:
0x408038 ImageList_Create
0x40803c ImageList_AddMasked
0x408040 ImageList_Destroy
0x408044 None
Library ole32.dll:
0x40829c OleUninitialize
0x4082a0 OleInitialize
0x4082a4 CoTaskMemFree
0x4082a8 CoCreateInstance

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.ndata
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
RichEd32
RichEd20
MulDiv
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
lstrcmpW
lstrcmpiW
CloseHandle
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
SetFileAttributesW
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
KERNEL32.dll
EndPaint
DrawTextW
FillRect
GetClientRect
BeginPaint
DefWindowProcW
SendMessageW
InvalidateRect
EnableWindow
ReleaseDC
LoadImageW
SetWindowLongW
GetDlgItem
IsWindow
FindWindowExW
SendMessageTimeoutW
wsprintfW
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
ExitWindowsEx
CharNextW
DialogBoxParamW
GetClassInfoW
CreateWindowExW
SystemParametersInfoW
RegisterClassW
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VERSION
SHGetFolderPathW
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownW
RegDeleteKeyExW
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
SetDefaultDllDirectories
KERNEL32
[Rename]
%ls=%ls
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.03</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
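The manifest above is the NSIS v3.03 exehead manifest: requestedExecutionLevel is asInvoker (no elevation is requested, so any UAC prompt would come from heuristics, not from the manifest), Common Controls 6.0 is declared, and the compatibility section lists Windows 7 through Windows 10. As an added example that is not code from the report, from NSIS or from Cuckoo, the parser below pulls exactly those fields out of the manifest text; the GUID-to-version table is the documented supportedOS list, and `os_declared` lets you compare the declared versions against the guest the sample ran on (Windows XP is absent, but the compatibility section only exists from Windows 7 onward, so that absence means nothing).

```python
import xml.etree.ElementTree as ET

# Added example, not code from the report, from NSIS or from Cuckoo: parse the
# exehead manifest above into the fields that matter for triage.
NS = {
    "v1": "urn:schemas-microsoft-com:asm.v1",
    "v3": "urn:schemas-microsoft-com:asm.v3",
    "compat": "urn:schemas-microsoft-com:compatibility.v1",
    "ws": "http://schemas.microsoft.com/SMI/2005/WindowsSettings",
}
# Documented supportedOS GUIDs from the application-manifest reference.
SUPPORTED_OS = {
    "{e2011457-1546-43c5-a5fe-008deee3d3f0}": "Windows Vista",
    "{35138b9a-5d96-4fbd-8e2d-a2440225f93a}": "Windows 7",
    "{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}": "Windows 8",
    "{1f676c76-80e1-4239-95bb-83d0f6d0da78}": "Windows 8.1",
    "{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}": "Windows 10",
}
ELEVATING_LEVELS = {"requireAdministrator", "highestAvailable"}

# Copied verbatim from the strings listing above.
MANIFEST = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.03</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>"""

def parse_manifest(xml_text):
    root = ET.fromstring(xml_text)
    ident = root.find("v1:assemblyIdentity", NS)
    level = root.find("v3:trustInfo/v3:security/v3:requestedPrivileges/"
                      "v3:requestedExecutionLevel", NS)
    os_ids = [e.get("Id", "").lower() for e in
              root.findall("compat:compatibility/compat:application/compat:supportedOS", NS)]
    dpi = root.find("v3:application/v3:windowsSettings/ws:dpiAware", NS)
    deps = root.findall("v1:dependency/v1:dependentAssembly/v1:assemblyIdentity", NS)
    return {
        "name": ident.get("name") if ident is not None else None,
        "version": ident.get("version") if ident is not None else None,
        "description": root.findtext("v1:description", default="", namespaces=NS).strip(),
        # None means no trustInfo at all; UAC then falls back to its
        # installer-detection heuristics instead of honouring a stated level.
        "execution_level": level.get("level") if level is not None else None,
        "ui_access": level is not None and level.get("uiAccess", "false").lower() == "true",
        "supported_os": [SUPPORTED_OS.get(g, g) for g in os_ids],
        "dpi_aware": dpi is not None and (dpi.text or "").strip().lower() == "true",
        "common_controls_v6": any(
            d.get("name") == "Microsoft.Windows.Common-Controls"
            and d.get("version", "").startswith("6.") for d in deps),
    }

def requests_elevation(info):
    return info["execution_level"] in ELEVATING_LEVELS

def os_declared(info, os_name):
    return os_name in info["supported_os"]

if __name__ == "__main__":
    info = parse_manifest(MANIFEST)
    print(info)
    print("elevation requested:", requests_elevation(info))
```

Unknown GUIDs are passed through unchanged rather than dropped, so a manifest that declares a version this table does not know still shows up in the output.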
NullsoftInst
[1385 further high-entropy string fragments from the compressed installer data follow here; none is a readable string and they are not shown]
RichEdit
RichEdit20W
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
verifying installer: %d%%
unpacking data: %d%%
... %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error writing temporary file. Make sure your temp folder is valid.
Error launching installer
SeShutdownPrivilege
NSIS Error
%u.%u%s%s
*?|<>/":
%s%S.dll
/ P6pL
,/KPip
/-P?pR
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
Please wait while Setup is loading...
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
For additional details, visit PortableApps.com
CompanyName
PortableApps.com
FileDescription
SpeedyFox Portable
FileVersion
2.0.23.0
InternalName
SpeedyFox Portable
LegalCopyright
2007-2017 PortableApps.com, PortableApps.com Installer 3.5.8.0
LegalTrademarks
PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFilename
SpeedyFoxPortable_2.0.23_English.paf.exe
PortableApps.comAppID
SpeedyFoxPortable
PortableApps.comFormatVersion
PortableApps.comInstallerVersion
3.5.8.0
ProductName
SpeedyFox Portable
ProductVersion
2.0.23.0
VarFileInfo
Translation
Antivirus Signature
Bkav HW32.Packed.
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Cylance Clean
VIPRE Clean
AegisLab Clean
TheHacker Clean
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
Arcabit Clean
Invincea Clean
Baidu Clean
NANO-Antivirus Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Paloalto Clean
ClamAV Clean
Kaspersky Clean
BitDefender Clean
Babable Clean
SUPERAntiSpyware Clean
Tencent Clean
Ad-Aware Clean
Trustlook Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine malicious.moderate.ml.score
Sophos Clean
Ikarus Clean
F-Prot Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Endgame Clean
Microsoft Clean
ViRobot Clean
ZoneAlarm Clean
Avast-Mobile Clean
GData Clean
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
ALYac Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
Rising Clean
Yandex Clean
SentinelOne Clean
eGambit Clean
Fortinet Clean
AVG Clean
Cybereason Clean
Avast Clean
CrowdStrike Clean
Qihoo-360 Clean
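Two of the 70 vendors above flag the file, and both verdicts are generic heuristics (a packer label and a machine-learning score) rather than a named family. As an added example that is not part of the report or of Cuckoo, the script below parses rows in the "Vendor Verdict" layout used above and splits non-clean verdicts into generic and named detections so that this distinction is made mechanically. AV_ROWS is a copied subset of the table (the full table has 70 rows and the same two non-clean verdicts); NAMED_ROW is constructed to show what a family-name verdict looks like.

```python
import re

# Added example, not part of the report or of Cuckoo: triage an antivirus
# vendor table in the "Vendor Verdict" layout. AV_ROWS is a copied subset of
# the table above; NAMED_ROW is constructed.
AV_ROWS = """\
Bkav HW32.Packed.
MicroWorld-eScan Clean
McAfee Clean
Symantec Clean
ESET-NOD32 Clean
Kaspersky Clean
BitDefender Clean
Trapmine malicious.moderate.ml.score
Sophos Clean
Microsoft Clean
Malwarebytes Clean
Avast Clean
CrowdStrike Clean
Qihoo-360 Clean
"""
NAMED_ROW = "ExampleVendor Win32.ExampleFamily.A\n"  # constructed family-name verdict

# Tokens that mark a packer, heuristic or scoring verdict rather than a family.
GENERIC_TOKENS = {"packed", "packer", "heur", "heuristic", "generic", "gen",
                  "suspicious", "ml", "score", "malicious", "unsafe", "riskware"}

def parse_av_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        vendor, _, verdict = line.partition(" ")   # vendor names carry no spaces
        rows.append((vendor, verdict.strip()))
    return rows

def is_generic(verdict):
    tokens = {t.lower() for t in re.split(r"[.:/!\-_\s]+", verdict) if t}
    return bool(tokens & GENERIC_TOKENS)

def triage(text):
    rows = parse_av_rows(text)
    hits = [(v, d) for v, d in rows if d.lower() != "clean"]
    generic = [h for h in hits if is_generic(h[1])]
    named = [h for h in hits if not is_generic(h[1])]
    return {"vendors": len(rows), "hits": hits, "generic": generic,
            "named": named, "ratio": f"{len(hits)}/{len(rows)}"}

if __name__ == "__main__":
    print(triage(AV_ROWS))
    print(triage(AV_ROWS + NAMED_ROW))
```

A low ratio made up entirely of generic verdicts is the usual signature of a packed but benign installer; a single named-family verdict from a reputable engine would weigh more than both of these hits together.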

Process Tree


SpeedyFoxPortable_2.0.23_English.paf.exe, PID: 1440, Parent PID: 1312


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

Source           Source Port  Destination      Destination Port
192.168.128.102  137          192.168.128.255  137
192.168.128.102  138          192.168.128.255  138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 189b1af95d661151_launcherlicense.txt
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\LauncherLicense.txt
Size 18.0KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type Pascal source, ASCII text, with CRLF line terminators
MD5 ffa10f40b98be2c2bc9608f56827ed23
SHA1 dc8f2e570bf431427dbc3bab9d4d551b53a60208
SHA256 189b1af95d661151e054cea10c91b3d754e4de4d3fecfb074c1fb29476f7167b
CRC32 A6D3A2F5
ssdeep 384:H4j2PmwE3b6k/iAVX/dUY2ZpEGMOZ77oPpDqHZ:H46uh1iYWrTXoPpDqHZ
Yara
  • contentis_base64 - This rule finds for base64 strings
  • embedded_pe - Contains an embedded PE32 file
Name feb6364375d0ab08_nsdialogs.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\nsDialogs.dll
Size 9.5KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ca95c9da8cef7062813b989ab9486201
SHA1 c555af25df3de51aa18d487d47408d5245dba2d1
SHA256 feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be
CRC32 9D200B7A
ssdeep 192:oF8cSzvTyl4tgi8pPjQM0PuAg0YNy8IFtSP:EBSzm+t18pZ0WAg0R8IFg
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
Name a632d74332b3f08f_system.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\System.dll
Size 11.5KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 75ed96254fbf894e42058062b4b4f0d1
SHA1 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256 a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
CRC32 BFE90AC5
ssdeep 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01070_Microsoft_Visual_C___6_0___8_0_ - [Microsoft Visual C++ 6.0 - 8.0]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
Name 0f3ec550338510e3_modern-header.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\modern-header.bmp
Size 100.2KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PC bitmap, Windows 3.x format, 300 x 114 x 24
MD5 8c0dce64e9aef02b7eaf47b736808e91
SHA1 6911588a51fb1db9addd7ebc0668ffa94f271428
SHA256 0f3ec550338510e3a0acfdfe7fb97569aee0eb12120cef2791d4d227aad31d7a
CRC32 DA238B6A
ssdeep 192:ceejfXrpyAR+7AiZZzM6TvHPo/ZOxu6jme+YNogQffBc6+AYdH3WeQAG84u6:cjdyE+kifnvHQkxBmzT/h+7QpN
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 2ffe1ac2555e822b_findprocdll.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\FindProcDLL.dll
Size 4.0KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ba4c1dfe226d573d516c0529f263011e
SHA1 d726e947633ea75c09bba1cb6a14a79ce953be24
SHA256 2ffe1ac2555e822b4a383996168031e456f09f9cf3bb763fccee35be178cf58a
CRC32 B076F3F7
ssdeep 48:qv1AJiDhU8UsnL0C8EA4G1zkxU5NMsH7pWIa1B3yx3s2mRUyNi7ftUgwQagqlNt/:uJnQChA4nsNMg0I8GiR+Uget
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_suspicious_strings -
Name 82973fa94df2a79a_appicon_16.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_16.png
Size 933.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5 5e56fa52e1574f4311276f16cf9b37f3
SHA1 22e559722c296c9f698e40133383796fd2c0e64e
SHA256 82973fa94df2a79a94e05feb4b4f322fd6625c4e23177dabf4b7de119ffecc01
CRC32 CC123FB5
ssdeep 24:HDV8YgssY01+BYL6pYcTJy9ViruzjRDFzZ+GnTk:RLQQuLIw8uzT8Sg
Yara None matched
Name 46a1d50a869dc7e2_help_logo_top.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Logo_Top.png
Size 2.5KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PNG image data, 229 x 47, 8-bit/color RGBA, non-interlaced
MD5 0f024e316973b9d87f3f4c3a1f33c448
SHA1 8ccaf998d7b14731829c0d1104d6fa7a1adc7247
SHA256 46a1d50a869dc7e2c0511cfbc77a15f0092ad9fba0b068736f1e512683a47ee4
CRC32 8F37D7F3
ssdeep 48:NaRbpMYHmHcRu3nh77X9/aoy/b1MUOgmLFu2J:YRbqHSI7TZ/RgSuI
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 88c0749cc9ca14cc_help_background_footer.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Background_Footer.png
Size 168.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PNG image data, 10 x 16, 8-bit/color RGB, non-interlaced
MD5 6af4a82693a403b0d0afde16972466f5
SHA1 1ab8a3d0cf22cde23173b6b41521377c0fdbeea8
SHA256 88c0749cc9ca14ccea1af39dffaccf7b7c35e5b5603b1e451fe7fce508252480
CRC32 8468EBFD
ssdeep 3:yionv//thPlHvtntCZRthwkBDsTBZtv9L//gbxCRQe1e//VHgNqUMwF/2g1p:6v/lhPo/nDspvmb8RQe1IgN1MwFdp
Yara
  • contentis_base64 - This rule finds for base64 strings
Name ba278414bc018b0e_appinfo.ini
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appinfo.ini
Size 484.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 8aabfe25cd5bd40602f627272ff8a351
SHA1 081dacc271d53c208a0a99c38607d8e1631f1094
SHA256 ba278414bc018b0e35b9b43d18504aa321c7fec8a270b69f6cc53682390ddff3
CRC32 76095A4C
ssdeep 12:kiQPTNBjb44gkQ0yhuvCqZ2WvAU9xrH1ZVDO:kHPTD44gkQvcfr9xrV+
Yara
  • contentis_base64 - This rule finds for base64 strings
Name ee13539f3d66cc05_modern-wizard.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\modern-wizard.bmp
Size 603.5KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PC bitmap, Windows 3.x format, 328 x 628 x 24
MD5 4df53efcaa2c52f39618b2aad77bb552
SHA1 542de62a8a48a3ff57cf7845737803078062e95b
SHA256 ee13539f3d66cc0592942ea1a4c35d8fd9af67b1a7f272d0d791931e6e9ce4eb
CRC32 1CDF967B
ssdeep 1536:9Bn13fmACap7r33OCINrac3aKumetKPKqDjoo+1q7C3DNgbgNgLg7gRgeHRVAVVi:90aZr33XW1
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 476d3a944778d9a0_speedyfoxportable.exe
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\SpeedyFoxPortable.exe
Size 234.5KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4f0130573049217862a8e8d79c666146
SHA1 eddf61c912f71e84f03d259da2933765fb93438b
SHA256 476d3a944778d9a09086f4ecfcbea2556eb57c1aee5049b3ddeebe670b34c467
CRC32 0F76584D
ssdeep 3072:7weqOYEUXPnJhmNHspVleVq7/apyW4LwGQXalcn07DGvrFlBIu0u:UEUXRUNW3eVYafKdQd2oBlEu
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • Nullsoft_PiMP_Stub_SFX -
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
Name 62e81586af11f3bc_readme.txt
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\Readme.txt
Size 2.1KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 bdc4c737e121f91798d630b55cbf39de
SHA1 71d186fe2cf582792243042a402931ab46b7ad26
SHA256 62e81586af11f3bc93785304e766e7ade61835c1d2cf5840c9eef8a57cc22278
CRC32 BB630115
ssdeep 48:poqWahdxHxG2NlNKxGT9O72bpbGTY/ZzywG2lMI:m3ah3x5Tkxe9t1GTYZzywG4MI
Yara
  • contentis_base64 - This rule finds for base64 strings
Name cf7718e82afa1af0_readme.txt
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\Readme.txt
Size 185.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 9d3d2c85756ff419cec6da38bd89a37b
SHA1 2f722064cefd0d48c5f5d03956a7040900d7f8b1
SHA256 cf7718e82afa1af00882af5a9b80cb1640fbfadad56d218a78371b9bcb649170
CRC32 A50CC39C
ssdeep 3:SMbKyPXtH+XR5WOpH/VVJYMQr3MeMQxF+YEJRi6Xt2vGARFKGRjZUovQ3OSbmSWe:DdH+XR5WKo8zQDuJRPt6zKGRjjRumA
Yara None matched
Name bc4dbeba417d3bae_appicon_128.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_128.png
Size 16.5KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5 19e95989f14a363dcf4cb7bb2d22526b
SHA1 caf8564ddeba3731ae990ed49a7ada7c045bf7d9
SHA256 bc4dbeba417d3baee3e36cf2254afd4d3eb4a4dcc00d03d31722935694d4c350
CRC32 D505C164
ssdeep 384:h1anZFHzt62OQOhtoa1rPFuhYYT40j9a/lMzDZIlC5IV5rUG:h1aZFTtMQOLoa1AhYP09Zu1V5rH
Yara None matched
Name 58053a49f7c9d07f_appnameportable.ini
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Source\AppNamePortable.ini
Size 244.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 8634c50b01d5ea4adc0d9eca692cbb5b
SHA1 ce39ebe17200463b7625a07288bae88c688f0ab8
SHA256 58053a49f7c9d07faceb35c298022d31da5b00b8840e611074475b41ceb9b7e9
CRC32 0A3AE46A
ssdeep 6:IQE7Em2VPVJSgBYlyGqMwIjAIMLyJQBABCXh5XMWJk/71NLyJQBAK:It2hrY8fjI8IMee2cXhX28e2K
Yara
  • contentis_base64 - This rule finds for base64 strings
Name feb779b58e1a8dc7_custom.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\Launcher\Custom.nsh
Size 3.8KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 cc87376dc53245966f5259d6f2a2464c
SHA1 5c953d360516b9bb0179282cf21529c86d5b21bc
SHA256 feb779b58e1a8dc73b4f4945efb8b7c02c70bd717b0821bda6f1aab8be0d0dec
CRC32 A368D0AB
ssdeep 48:+akAYM+aM4gMJXMwLEMTKLGMTXLpMTeILM/DF3MegF0MePeszHEMR8feGH2MR8RF:+TpdkIPeEQfeSqRe8w/e1Xec
Yara
  • contentis_base64 - This rule finds for base64 strings
Name e3b0c44298fc1c14_nsh1.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 53bb519e32931649_w7tbp.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\nsx3.tmp\w7tbp.dll
Size 2.5KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9a3031cc4cef0dba236a28eecdf0afb5
SHA1 708a76aa56f77f1b0ebc62b023163c2e0426f3ac
SHA256 53bb519e3293164947ac7cbd7e612f637d77a7b863e3534ba1a7e39b350d3c00
CRC32 FF2B5710
ssdeep 24:etGS4R/39doyOzHaikQ7I9lYFxu3GUY1Bk5L2:64RVdojLJGWnWMi5L2
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
Name 9abc52858ae4ddda_donation_button.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Donation_Button.png
Size 1.7KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PNG image data, 110 x 23, 8-bit/color RGBA, non-interlaced
MD5 bab4268c0bc3b3051ff38b21dbe35a44
SHA1 ea7adbbd731bb1747afc9da72340a0444b29abbe
SHA256 9abc52858ae4ddda224ee9d229cb38d252ae9ba46633da4ac14fada25dd489c6
CRC32 F486C53D
ssdeep 24:aoPfexW3T0UjeA2fijjxMhDnUcO7QLgYNw69rFbyQCwbozK8yxkxuE3u5F3pKXTP:aw3T0GeA2yMhocrVN5uXwNF0FGpU
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 5949d117d144c7e7_appicon.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon.ico
Size 97.3KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type MS Windows icon resource - 5 icons, 256-colors
MD5 fe21e819e7cc494780d79f1eee529d0e
SHA1 78a01a4f7fc6faa3ad7030e72d0656a4d6529369
SHA256 5949d117d144c7e7cb46e55e046420d5273cb923c56cbce6a090273a2a24cbb0
CRC32 F0E769DF
ssdeep 1536:s4RhmXdHp6pV7hr/oZ8nIVtk0V0tV/aW8XOh8CSndAx/Tyh:ZhmNHspVleVq7/aph
Yara None matched
Name cb1d52652396890f_help.html
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\help.html
Size 5.0KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type HTML document, ASCII text, with CRLF, LF line terminators
MD5 98b8a91956c1703a38e082a355678909
SHA1 88abb1ce3dca7f51812e7d06ce41a0a39ebba30d
SHA256 cb1d52652396890fc7b2d9e4786e8331a39cd75e0cc42064bb0b315bfe5425e1
CRC32 717BB739
ssdeep 96:/i3KeLV12hKyQCABwwdzIiP5gKxlzvhcxL:/i3Pf2hKHCuPFO
Yara
  • contentis_base64 - This rule finds for base64 strings
Name d2fd4d33fa73611c_appicon_75.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_75.png
Size 8.6KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced
MD5 e2a95900afa2ceb731d2cb34768e7484
SHA1 834d47addc775433d06ddb4e70777cd97feb1736
SHA256 d2fd4d33fa73611cf557ece18775344074d5ff7c3e3432211d198783b0f51b0c
CRC32 ADC8EDF0
ssdeep 192:fy44v1dnzaih2mlHdWRgBidN3SbhMRmmVBwinsKuv4QDy946U:f/OdzemlHvBicgVBZsKuv4Qe9rU
Yara None matched
Name 3959381aab454359_help_background_header.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Help_Background_Header.png
Size 269.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PNG image data, 10 x 42, 8-bit/color RGB, non-interlaced
MD5 a1eaee3ccb8169b680415d713720a2fa
SHA1 8cf2eff4faa05a34bfb0b641b8765773c7ac2ed6
SHA256 3959381aab4543593fa69fa7980946dbf0b0bab25924c8b38f6e88f7f69b9c19
CRC32 D14F00B1
ssdeep 6:6v/lhPTnDspO68hvS6IBe0ZZUngZlq+2dp:6v/7Uk68FS6c3UngZlq+2z
Yara
  • contentis_base64 - This rule finds for base64 strings
Name b06b53681ea0ba09_favicon.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\Other\Help\Images\Favicon.ico
Size 1.1KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type MS Windows icon resource - 1 icon
MD5 049a352aabb8ced245ceecb94c0a0b2d
SHA1 775b5b199e8312e18f0655daa7b25844fd768602
SHA256 b06b53681ea0ba09ddaa8f8066c990cf5a7c01e65a1910e687a993ac375d1781
CRC32 CE59ADD9
ssdeep 12:GxtRygJlM7LVtY7YMCQrCE+4hoJbmLbJk:ARvl0VaoQr8ntGJk
Yara None matched
Name a1e30b28ff03f91c_speedyfoxportable.ini
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\Launcher\SpeedyFoxPortable.ini
Size 842.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 b8e4b6d156e53680f09e408d4b89238c
SHA1 fd0c24b5de0a0b1603b1e5738066d56fc36f5313
SHA256 a1e30b28ff03f91cfcfdfe8689d14b885209eb3c38bedf798f7c9c3259c8137d
CRC32 1000EEE4
ssdeep 12:M8tLbvEkyy+GvyG0I388o3AV8ogkIreXIMbW+bWTICj:JhMkVgh7kdX5bJbMR
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 98c4a21912a2a7dd_preferences.xml
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\DefaultData\preferences.xml
Size 121.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type XML document text
MD5 9a67cda10a3940d5fcd321830cc301b0
SHA1 f0b1354411df0c669ba51634a28f56dbc46f4d6a
SHA256 98c4a21912a2a7dd6b85ee49ed9d764b802da7e12f819cd3e430b4af2ba60476
CRC32 6A0420AE
ssdeep 3:vFWWMNHU8LdgC/Zybt2NHUnA6XAEA3Mx3A4hzn:TMVBdxAEVcA6XAEA3o3A4R
Yara
  • contentis_base64 - This rule finds for base64 strings
Name 57a7a495de0d3761_speedyfox.exe
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\SpeedyFox\speedyfox.exe
Size 1.4MB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 36a080b9d8078b7736766de3b27721a4
SHA1 050bb729036ada97ada79f73f67636384eca898a
SHA256 57a7a495de0d376156235340180e32bb02d72b25dd14d41e65eaa7e75dcaad6e
CRC32 28924752
ssdeep 24576:mMdyvXsKU5t2aCO5PicfT8ZNDqHpWGxTrK6MFNomxs:GRaCOIvZNeHTT+6MUcs
Yara
  • GenerateTLSClientHelloPacket_Test -
  • IsPE32 -
  • IsWindowsGUI -
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ - [Alias PIX/Vivid IMG Graphics format]
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_00810_FSG_v1_10__Eng_____dulek_xt_____Microsoft_Visual_C___6_0___7_0__ - [FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
  • PEiD_01005_MASM_TASM___sig2_h__ - [MASM/TASM - sig2(h)]
  • PEiD_01007_MASM_TASM___sig4__h__ - [MASM/TASM - sig4 (h)]
  • PEiD_01070_Microsoft_Visual_C___6_0___8_0_ - [Microsoft Visual C++ 6.0 - 8.0]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01628_PEQuake_V0_06____forgat_ - [PEQuake V0.06 -> forgat]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02161_Stranik_1_3_Modula_C_Pascal_ - [Stranik 1.3 Modula/C/Pascal]
  • PEiD_02191_tElock_0_99___1_0_private____tE__ - [tElock 0.99 - 1.0 private -> tE!]
  • PEiD_03512_Xtreme_Protector_v1_05_ - [Xtreme-Protector v1.05]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • Check_OutputDebugStringA_iat -
  • anti_dbg - Checks if being debugged
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_private_profile - Affect private profile
  • win_files_operation - Affect private profile
  • win_hook - Affect hook table
  • contentis_base64 - This rule finds for base64 strings
  • VC8_Microsoft_Corporation -
  • Microsoft_Visual_Cpp_8 -
  • Big_Numbers0 - Looks for big numbers 20:sized
  • Big_Numbers1 - Looks for big numbers 32:sized
  • Big_Numbers3 - Looks for big numbers 64:sized
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • CRC32_table - Look for CRC32 table
  • BASE64_table - Look for Base64 table
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • with_sqlite - Rule to detect the presence of SQLite data in raw image
Name b407de81abbac4c3_appicon_32.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\appicon_32.png
Size 2.8KB
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
MD5 2ac903c285a59c2fc3f8b2ae4ce814ea
SHA1 0ea8775045bae69d28c45b03fac5c68c37410eaa
SHA256 b407de81abbac4c3c240df4b7687b0f22acae63fa32823d8bdc863383e24c319
CRC32 C48144BF
ssdeep 48:hAcoA57cHWBameUq5/0Hq34pS0sihLeNnuml19cne6W3rtIMi9i5dKuYuZDHD:h795nuUq5/0HqoZ1LaPweVIv9i5dKoDj
Yara None matched
Name 2d843bc3d02c90bc_pac_installer_log.ini
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\SpeedyFoxPortable\App\AppInfo\pac_installer_log.ini
Size 548.0B
Processes 1440 (SpeedyFoxPortable_2.0.23_English.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 ee46e60781d4570700ca4a253abe913d
SHA1 30fbe6ceeac68f9557a36a0dd83dc92b0541033c
SHA256 2d843bc3d02c90bc791f7645a5329c1d0c01743435741927ec40cf88288a6660
CRC32 73A5F3D8
ssdeep 12:EpXSg0uU/DA5WV9ARjUR0PXFj02PXFxxBAh9jAqK6oILVKiwKyaBXZjyU:E5SZ+WoUuvR02vL+jLK61V4SZb
Yara
  • contentis_base64 - This rule finds for base64 strings
Sorry! No dropped buffers.
Task ID 624
Mongo ID 5c3615dc11d3080d16cdcbed
Cuckoo release 2.0-dev