3.9
Medium risk

0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8

0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe

Analysis duration

134s

Last analyzed

396 days ago

File size

290.2KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WINSXSBOT More WIN32 TROJAN WORM
Hawkeye engine
DACN 0.17
FACILE 1.00
IMCLNet 0.70
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Malware-gen 20200610 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200610 2013.8.14.323
McAfee GenericRXKN-BX!1FB39EBB6B35 20200610 6.0.6.653
Tencent Malware.Win32.Gencirc.10ba4358 20200610 1.0.0.1
Static indicators
Queries the computer name (6 events)
Time & API Arguments Status Return Repeated
1727545348.4375 GetComputerNameA computer_name: TU-PC success 1 0
1727545348.4375 GetComputerNameA computer_name: TU-PC success 1 0
1727545348.4535 GetComputerNameA computer_name: TU-PC success 1 0
1727545348.4535 GetComputerNameW computer_name: TU-PC success 1 0
1727545350.7345 GetComputerNameA computer_name: TU-PC success 1 0
1727545350.7505 GetComputerNameA computer_name: TU-PC success 1 0
The executable contains unknown PE section names, which may indicate a packer (possibly a false positive) (4 events)
section .jxmnr
section .lpkez
section .g
section .i
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (50 out of 76 events)
Drops executable files into the user's AppData folder (20 events)
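Searches running processes, possibly to identify processes for sandbox evasion, code injection, or memory dumping (3 events)
The binary may contain encrypted or compressed data, indicating use of a packer (2 events)
section {'name': 'UPX1', 'virtual_address': '0x00012000', 'virtual_size': '0x00009000', 'size_of_data': '0x00009200', 'entropy': 7.72410521667106} entropy 7.72410521667106 description A high-entropy section was found
entropy 0.32882882882882886 description The overall entropy of this PE file is high
Repeatedly searches for a process that is not found; you may want to run a web browser during analysis (50 out of 231 events)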
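The executable is compressed with UPX (2 events)
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
Network communication
Communicates with hosts for which no DNS query was performed (13 events)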
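A process attempted to delay the analysis task. (1 event)
description 0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe tried to sleep for 1682.092 seconds; the analysis was actually delayed by 1682.092 seconds
Enumerates services, possibly for anti-virtualization (50 out of 12192 events)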
Installs itself to run automatically at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 reg_value C:\Windows\mssrv.exe
Creates known WinSxsBot/Sfone Worm files, registry keys and/or mutexes (1 event)
mutex mutex666
Generates some ICMP traffic
The file was identified as malicious by 58 antivirus engines on VirusTotal (50 out of 58 events)
ALYac Generic.Malware.SP!V!Pk!prn.2464E16B
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Generic.Malware.SP!V!Pk!prn.2464E16B
AhnLab-V3 Worm/Win32.Agent.R336858
Antiy-AVL Worm/Win32.Agent.cp
Arcabit Generic.Malware.SP!V!Pk!prn.2464E16B
Avast Win32:Malware-gen
Avira TR/Dropper.Gen
BitDefender Generic.Malware.SP!V!Pk!prn.2464E16B
BitDefenderTheta AI:Packer.9BD6A4051E
ClamAV Win.Worm.SillyWNSE-7784290-0
Comodo Worm.Win32.Agent.CP@42tt
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.b6b355
Cylance Unsafe
Cynet Malicious (score: 100)
Cyren W32/Agent.BTR.gen!Eldorado
DrWeb Win32.HLLW.Siggen.1607
ESET-NOD32 a variant of Win32/Agent.CP
Emsisoft Generic.Malware.SP!V!Pk!prn.2464E16B (B)
Endgame malicious (high confidence)
F-Prot W32/Agent.BTR.gen!Eldorado
F-Secure Trojan.TR/Dropper.Gen
FireEye Generic.mg.1fb39ebb6b355da1
Fortinet W32/Agent.CP!worm
GData Generic.Malware.SP!V!Pk!prn.2464E16B
Ikarus Worm.Win32.Agent
Invincea heuristic
Jiangmin Worm.Agent.ws
K7AntiVirus Trojan ( 0051918e1 )
K7GW Trojan ( 0051918e1 )
Kaspersky Worm.Win32.Agent.cp
MAX malware (ai score=81)
Malwarebytes Trojan.Agent.Generic
MaxSecure Trojan.Malware.121218.susgen
McAfee GenericRXKN-BX!1FB39EBB6B35
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
MicroWorld-eScan Generic.Malware.SP!V!Pk!prn.2464E16B
Microsoft Worm:Win32/Sfone
NANO-Antivirus Trojan.Win32.Agent.hakuu
Panda Generic Suspicious
Qihoo-360 HEUR/QVM18.1.CE92.Malware.Gen
Rising Worm.Agent!1.BDD2 (RDMK:cmRtazpMqVZe6Fdagclv5jjxSIbV)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Agent-AGQR
Symantec W32.SillyWNSE
Tencent Malware.Win32.Gencirc.10ba4358
Runtime screenshots
No runtime screenshots available; the sample did not produce any screenshots while running


PE Compile Time

2006-03-03 01:50:37

PE Imphash

bc5994e55cbe4fadd0cc6ce15d753e0a

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.jxmnr 0x00001000 0x00011000 0x00011200 4.895716385148769
UPX1 0x00012000 0x00009000 0x00009200 7.72410521667106
UPX2 0x0001b000 0x00001000 0x00001200 0.729760167284688
.lpkez 0x0001c000 0x00001000 0x00000200 3.9638687291035044
.g 0x0001d000 0x00001000 0x00000200 0.5960600373116879
.i 0x0001e000 0x00001000 0x00000200 3.022024057407475

Imports

Library ADVAPI32.dll:
0x41b08c RegCloseKey
Library KERNEL32.DLL:
0x41b094 LoadLibraryA
0x41b098 ExitProcess
0x41b09c GetProcAddress
0x41b0a0 VirtualProtect
Library MPR.dll:
0x41b0a8 WNetOpenEnumA
Library SHELL32.dll:
0x41b0b0 ShellExecuteA
Library USER32.dll:
0x41b0b8 EnumWindows
Library WS2_32.dll:
0x41b0c0 gethostbyaddr

->zU?C1.*ph
.jxmnr
.lpkez
MnwPGuK@A}
7{E^`N
jP}YoH3?
.3D wL
-@H]X?
Ur`qe!
m[FSR`$#y
a\e5co
=LKOtR
]Z R0Ge0
ggBR!'$(%duD'b
*i+h [h]
Qt@\ZDDGK
]I#[f!BTZ)=P1ZLM]\U\v+&+
;l?Y7cRf
^pS&_h4!&A9r
jXZGD;HT{
M)N^WMVh>d
XGwpM>;}H
!j.([xQ
%`]!*'W1
T.m1QGNm'
[X/>Y!
govNZ81
s)tIKt
`82p3Wi#\:
?t>Yoe2[R-I-(\
'MRr/ES
2fuv|r!l
> YV #
YN 5%vf+
@`>=j:<$f
|jW3?S]
^nTEJs
[RPk|.=}Qi$cyYL
.W\rz!(N.Ab!x<]
^'~?(#P
ou80y\\=
IT:b"L
o3RjC+MS
bpFhMV
mdxjSkVk
O!DH!w
a6wv)M1
BMT@y83tV,L
xUD;OvtW?
qw|0*aM
5;-bvI`
./ksF6x
}J@}Ylc`Y
DV4WEfH
["RN,vS>^6} N
)@>2La&->U
IYbI).A[o
)%cBp"
f1Y7RH
U!2[7|f
vNtc{y3\
W>qshVU
7d"5Vwq'A
oaG,*
L1XGq6r6lZPc
T7YNI].-yB
p:AY8M
COtZq1
Aq#|EA
Inh[7P
";hTz7L
WF"!lO
A0Nc,c
CE}y`5VVQ
o:Y[J}:&gb
4^fd;y
XtnpiwP:g
:4n-G<
Z 1lOJ
fYYzFIcH z.
z=Z$7P
zBCAfP
%JPb"I/ww(
mt@=u#M'JTI
&X^IL=v"y
[7]ra,}5U
X\534V
,GrR>8g%C8
,BD4q#x
Yi\)~U
hwqE".
n-1#2 k
_Iw3N$
5J?c] ||3VzQKe]
^uKkSd)Y/g
Wdt'h;
x~L`MOG)A)B
336P^\1~s\G
;M'pO3
tS3%2/z~e=HW\}
O-Wg9aK
3*+&)Um
wj)WU?0
6gWjq<".
Gz1LGtx
0`t]lb\
-%V"wz}zg|D
r\lwGF2$n
,P<`.9
/(`_s4&&4Gecs
~aw%"VO2x<#*R/t1
B|qWre(4>'
!_nY1Jg0
fa>j!?
cI6a/p
V\f-1rJA
ZZrzM_AeI8y`
Z&BR@'
OCQ%oPRmGizKTG;mt0
BrauYlP
?:kRz'R'
j#??6Zp
),)HUl
:z"[r&B$
Q\8Gwm[v2djdyB
^b*)C?K^
F1ZW_-x
KembR+
:W,Y2E_
i1!2&z
e95/W@>
00L!=W0
?Q~BUQ7ZQ
^>9]nr
[V<m`~
=_U,h`>
'HBIY$6+28)5##1OXW
l/{Fku
pioJ%JS--J
;]N%+%
i>lyS
R:'9g g
AAI<[QNDGR
C0*::}<(VKS
#n1^PT
D?9sU)
~{m5-apB\J@l
*"'p5Z[_
^}b#w[
2}F#WIa
`ua8j-
yH=1qgzl
h3YE/8
AbJk6]
pJS?9:#f/
hhrolyfRoL#R6l7~O"
FGt3pYYs
qT;UA6
t&#~HgJt(}
g~G.gY
]+R$8"{
GQqp+4sCq
))Oq([iP
`$|.w;
i^Rr~q0?
&_r70#
1 Yf`@jANqF
^&yV4uSs
;Z.23)Jy)3%]FX
m8GktKuF))d
LQe1S*|
_+p Rsd
WXU:3by
Y5{=hWtBr
;X7@ZE<(w/A
G[h#>X
i7#Ozu
pEC"\)j<9jEz
_-hRB5
>MJ#z_0>z
'MdtE5
s1\%F}-YkH}y
yX9r/z
mt?[)m
.&Mw3O
uG32f]
7z5s).
.Uh;Q]
/Tpab1
!e^D"HyR
T&'`G
3mtWpS
1A`9"2
+ZqoP*
ED`#bJ<
^;<];y
4Y =@p[&7Y
_~sw6w)~
)WTo!~
KX/fn()6P[\
spTW|y
M1)ADB_uf`=zi
/{v.>mN
.EyY(PP
s>9yaY7eV1
5maiy/
B2yAiZ
!Z1'_:
274bY}D2
5M}g$O
|wu47}Y
6n+xbJ
?~|2f+#fP\`M*YE
1gN0DN
k~82E#1
f~2`HrE5-
Z YhZu>u+\2o33&H
p]HY*An
|{R_8+
qM?yk:^3:Vsw4
Y'P `L>
np49unH,
GXjqo=\E
!sT)L uP8
!@m<|@Pu9S
-bBBFU
v[ncH3
Ok#)o),|
)O2=5Y_
_~8KNWN
9Mf;H5HYTH96
"[n3xQ(*z
6@TM26Uy
D+'^w}
LlTe[k(Q@|LLk
V/V>LR
21PA;63|
Is'(Ga
+E]at
mJSjCn
Wq5qPj!
M>$n1Q
Dm\[Kqq=
={ [),-
b9nbkejx"KQ2R&Z
[W"EosjM
8bfzyT
Kb'~c#aM
Fe]:CQ
8Z!Q7c
5NTl@P3
{:AV[L\k@7
Q(gFs#j
<'r(Uh/):|^o^
'{@K G
ELwt+t%
}40%yO
iow>M|c@d
aH_uI!
?UR1f~
WlhH4#l
;eS_*c9`%
Z#A"[yU]8&
>hJ(kk
[glE_YM<[
bfE5b5
k^}ExJHM
G|H,4>H=[C2xONI
6FA3;e
`:F2=.f~
Atc5/[n
|0~PCYAq
":hDF `=Mfl_B
vg^V7vg
vzg}&+_$%m/riv6
*B~%mt2#XU(
QK/*cF
/d:1N(mi*
`G{a|$pvs6C]
kMClJ)B
dFWu%eDVd0!Oug
ES[Lmy
Fw{AUSqu,OG
-M7@;)&F
D*[g9<)NSO
uw6&/3O
VO*E'|9>
E5_(Dy
-}#K5g
.l\9XX7
"g@|(QURTEL
(hXJUPEy#[
c"$alu
TT>z&;WUl
]Sn_sm(~dcYawm
f7`7%q)Os
UEqP&|*yDQ?fu|
RplX]P
Ab4uzHnL)D
ygJF6u
GgYJ|mP
$yERJ@k
7W@_)s
B>Qf6oeP!
5,KwA`K
nJ_[zTz,B.W s&
='G$/V3:
d:R?6<q;
|t-WOO
H_*a6d
K d{ 5wqaq/
~Aa)}]Mp|Vl
7j6~"C
'P&{w2r4
<?-?1]
%!*>(E
A# uzUG
QLm,dn~Q
S^T*Br}6O4MTP
DP?%H6m#
cf8uT>-=`
CD]] 0
BUrX6QFK6
ADVAPI32.dll
KERNEL32.DLL
MPR.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetOpenEnumA
ShellExecuteA
EnumWindows

Process Tree


0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe, PID: 1128, Parent PID: 208


0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe, PID: 2236, Parent PID: 1128


0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe, PID: 2112, Parent PID: 1128


0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe, PID: 1260, Parent PID: 2236


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255
A 131.107.255.255
131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1
AAAA fd3e:4f5a:5b81::1
AAAA fd3e:4f5a:5b81::1
131.107.255.255
162.23.123.64.in-addr.arpa
87.75.254.41.in-addr.arpa
134.38.255.227.in-addr.arpa
96.213.177.180.in-addr.arpa PTR 180-177-213-96.dynamic.kbronet.com.tw
39.113.95.129.in-addr.arpa
180.179.234.45.in-addr.arpa PTR 180-179-234-45.mafredine.com.br
38.62.41.63.in-addr.arpa PTR host38.sub-63-41-62.myvzw.com
17.71.169.239.in-addr.arpa
64.15.1.95.in-addr.arpa PTR 95.1.15.64.dynamic.ttnet.com.tr
149.237.220.93.in-addr.arpa PTR p5ddced95.dip0.t-ipconnect.de
25.83.159.2.in-addr.arpa
171.104.180.145.in-addr.arpa
214.73.232.247.in-addr.arpa
152.49.213.139.in-addr.arpa PTR 152.49.213.139.adsl-pool.jlccptt.net.cn

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53
192.168.56.101 137 64.123.23.162 137
192.168.56.101 57665 8.8.8.8 53
192.168.56.101 51758 8.8.8.8 53
192.168.56.101 52215 8.8.8.8 53
192.168.56.101 137 41.254.75.87 137
192.168.56.101 62361 8.8.8.8 53
192.168.56.101 62361 114.114.114.114 53
192.168.56.101 50075 224.0.0.252 5355
192.168.56.101 137 227.255.38.134 137
192.168.56.101 58624 114.114.114.114 53
192.168.56.101 58624 8.8.8.8 53
192.168.56.101 62044 8.8.8.8 53
192.168.56.101 137 129.95.113.39 137
192.168.56.101 62515 8.8.8.8 53
192.168.56.101 60330 8.8.8.8 53
192.168.56.101 61322 8.8.8.8 53
192.168.56.101 55142 224.0.0.252 5355
192.168.56.101 137 239.169.71.17 137
192.168.56.101 56111 8.8.8.8 53
192.168.56.101 58005 8.8.8.8 53
192.168.56.101 64558 8.8.8.8 53
192.168.56.101 137 2.159.83.25 137
192.168.56.101 49986 8.8.8.8 53
192.168.56.101 137 145.180.104.171 137
192.168.56.101 65527 8.8.8.8 53
192.168.56.101 62324 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

Source Destination ICMP Type Data
192.168.56.101 8.8.8.8 3
192.168.56.101 180.177.213.96 8
192.168.56.101 45.234.179.180 8
192.168.56.101 63.41.62.38 8
192.168.56.101 95.1.15.64 8
192.168.56.101 93.220.237.149 8
192.168.56.101 139.213.49.152 8

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 8887592b6dbd9be9_indian porn sperm [free] glans .zip.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian porn sperm [free] glans .zip.exe
Size 1.2MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c5fce15d7ee0f8f011575c8781a2ea21
SHA1 5a76b631731c409fdc7fe012c30e2c15a02b403a
SHA256 8887592b6dbd9be93d137dab6c9911b8c24191e7ff63061f837ecd0c7bd66f9c
CRC32 633EEB16
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name dcefd00bc79c97ed_hardcore public .mpeg.exe
Filepath C:\Users\Default\AppData\Local\Temp\hardcore public .mpeg.exe
Size 152.4KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fb51b9f0eb995e94df9de0560463c51d
SHA1 cec4566fcd3d3b5492e27c78ff24dbcc17d30dea
SHA256 dcefd00bc79c97ed0818b18a1925819cf3485ed8ca1770e90328fa559aaedb8d
CRC32 509B9C85
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name d3e90c2a67613fb9_xxx [milf] sweet .mpeg.exe
Filepath C:\ProgramData\Microsoft\Network\Downloader\xxx [milf] sweet .mpeg.exe
Size 300.7KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d8137df870dde8d074680d8e90928492
SHA1 a71a1e367047725b501698ea3ef8b5941a64c48c
SHA256 d3e90c2a67613fb966341dadf0d7db2fb912e5a0c37c4b620756f2014b974824
CRC32 61334EE1
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name ce2a0e52cd92149c_danish handjob sperm several models black hairunshaved .zip.exe
Filepath C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish handjob sperm several models black hairunshaved .zip.exe
Size 904.1KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c118ef91465b7816f9057dab63eb965b
SHA1 98bc4b01a49fc8c398999545afc04dbf4d4a38d0
SHA256 ce2a0e52cd92149ca1d54ea3b2860565412931049de645ab5944c44151f88a37
CRC32 0A5701A6
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 0a372ec3ec3e8989_trambling girls swallow .mpg.exe
Filepath C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling girls swallow .mpg.exe
Size 1.9MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7c6333fe4594525daeca0e2b127de838
SHA1 521d5604b1c8700db783b690f5d3cb8d361ddfcf
SHA256 0a372ec3ec3e89890adc247a32415373dfe86f7c3aa3aa849b3f4dcc1328f68c
CRC32 9A31F87B
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name dc8a8f5f8a1cf3cc_american action trambling [milf] mistress .mpg.exe
Filepath C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\american action trambling [milf] mistress .mpg.exe
Size 1.6MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e45f241c7358f2a40f569e702574146e
SHA1 90b43c2bff4d92963e2af50c606e693826eb73b9
SHA256 dc8a8f5f8a1cf3cc8695a45913955c052339d476564139a5a31e79ec17c3a6e7
CRC32 7BC97DE5
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name a4ed64debf2f950d_american cumshot sperm big sweet .zip.exe
Filepath C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\american cumshot sperm big sweet .zip.exe
Size 398.7KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 98dea159030e41814e38937818767cdb
SHA1 87e39ca8ce68908c5b2545342e05a1f3fdad3d6c
SHA256 a4ed64debf2f950dc1ff275195ec5771f6c4cc77b8605cdb98a81e8d44d4c0f6
CRC32 CD3E639C
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 4c4def7bc6c93f71_swedish animal lingerie [bangbus] cock castration (melissa).mpeg.exe
Filepath C:\Windows\SysWOW64\FxsTmp\swedish animal lingerie [bangbus] cock castration (Melissa).mpeg.exe
Size 400.9KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 56f0d3c4c1ea9284008179ed7126d17b
SHA1 296e4d752acf754b9f592bcd2d88d8780906cc96
SHA256 4c4def7bc6c93f719453406d4a7ce8a14c1d5db008d61676ed71d399d725785f
CRC32 EFF68E95
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 7eb1167f1d40d3f0_russian porn blowjob full movie feet bondage .mpg.exe
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\russian porn blowjob full movie feet bondage .mpg.exe
Size 861.2KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ba69aed5dd2ca9f42013d7955fea32b1
SHA1 7d1eaec3e441fa70af2a9352bced0c85a4ed258d
SHA256 7eb1167f1d40d3f0ab9a3dd2ded427022d20676d8ae84d9daca6f8172a329bb7
CRC32 00656D4B
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name f8ae754223ffebb0_blowjob several models hole (anniston,jade).avi.exe
Filepath C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob several models hole (Anniston,Jade).avi.exe
Size 167.2KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 eb66d40cb3c545b0794f739573d8158b
SHA1 3b4242007ce090a7749beedbbb622fafe6d39b26
SHA256 f8ae754223ffebb06037e9f4cf3603cd3aaf1b32b93df12af34c0e72bf41a71f
CRC32 41218A98
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 070e846e7089cb2e_indian cumshot sperm lesbian 50+ .mpeg.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\indian cumshot sperm lesbian 50+ .mpeg.exe
Size 1.3MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 01fd0c43b4edcb35c8c97edac7d4add0
SHA1 90339467c1f077d1beb1e320f9e2a9bb0b783bca
SHA256 070e846e7089cb2e40c751043f8323808de97871686263ede2f0c1ff833b9515
CRC32 F30C82A6
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 4fd009ebc3050366_russian cum sperm licking cock fishy (melissa).avi.exe
Filepath C:\Windows\security\templates\russian cum sperm licking cock fishy (Melissa).avi.exe
Size 1.9MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b91b202abcfccae972a856555a650896
SHA1 add129e3b1fab112d0384e4a6053c33ae895ce89
SHA256 4fd009ebc30503666c7dc122fc3080251b874382a3642821511bb6d756bae487
CRC32 07AA371C
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 7680f0a3c520f868_hardcore hidden ash .rar.exe
Filepath C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore hidden ash .rar.exe
Size 233.3KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4baf69ab45334756eaeacb7e16ccda9c
SHA1 90aa9bce60f1f02bf51ba3910c875408f2d3468a
SHA256 7680f0a3c520f86838078ac52820d484d6685ac495a4ad6b845c785e4e50364c
CRC32 D6631260
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 08d828637ec989c9_danish handjob fucking voyeur bondage .zip.exe
Filepath C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\danish handjob fucking voyeur bondage .zip.exe
Size 343.3KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4f99ed5bcedd1ae992ade718e559c5e3
SHA1 3648139da5ba68463570271f2ac32b28f12a3da7
SHA256 08d828637ec989c9a9043aba65eb2dcb83ee964b5575977e2d8a669d476fda5d
CRC32 598F5438
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 7ecb30ec82540775_blowjob licking .mpeg.exe
Filepath C:\Windows\PLA\Templates\blowjob licking .mpeg.exe
Size 1.1MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c01f949db05d5d01e205aa4b5f148dc5
SHA1 a2992ce66f1776bce0cd8a81bc646029b310ee63
SHA256 7ecb30ec82540775416da3de84d597fcd7499fc0c70241323cb32095e8480945
CRC32 FCEEE980
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 440479aab669d753_black cumshot lesbian lesbian feet traffic (karin).mpeg.exe
Filepath C:\Users\Administrator\Downloads\black cumshot lesbian lesbian feet traffic (Karin).mpeg.exe
Size 1.8MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fd568e5239068a4a84c48893912e533a
SHA1 5c2e2e06187d7bdae1d081b25181f2fd3d716347
SHA256 440479aab669d7536ea220361b1a442aa1eb20316dd164130eac03280378dbad
CRC32 C111B435
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 2c391d100aef4f3f_brasilian handjob gay uncut bondage .mpg.exe
Filepath C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\brasilian handjob gay uncut bondage .mpg.exe
Size 2.0MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 39babbb74b80f6bfdf9298605493e5af
SHA1 2e102d538bd4a18c2c8eefffdd981c02a00cb5de
SHA256 2c391d100aef4f3f3460ea9bc352ddb9b47deea83be147a11fac53871ca7e2b0
CRC32 79C16811
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 88024425118074a0_hardcore hidden feet .mpeg.exe
Filepath C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore hidden feet .mpeg.exe
Size 1.3MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d184e17fc17fb5aaecfca582144fd784
SHA1 a3c1ed2888f0415f244536ccae9a2fa544178a2d
SHA256 88024425118074a0cd6322385c209f3ecdc5c2aebd0b82f832caf8c63d3872f9
CRC32 456A5ACD
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name bf8f6e210aa3ba93_indian kicking horse sleeping feet castration (karin).mpg.exe
Filepath C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\indian kicking horse sleeping feet castration (Karin).mpg.exe
Size 931.6KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 12a87940dbdf89b46d078b811a276537
SHA1 018c4cc5bd39efc7886b2c0764ae0fb4d6740095
SHA256 bf8f6e210aa3ba9385a5d20ff044941d4baed8ce5efeaa7b987f6b642052bcb7
CRC32 0CC9666D
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 8ba0ce5ed7824263_swedish gang bang lesbian [bangbus] glans .mpeg.exe
Filepath C:\Program Files\Windows Sidebar\Shared Gadgets\swedish gang bang lesbian [bangbus] glans .mpeg.exe
Size 1.7MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b98a4dc5f8f0200526fdf8ce66866973
SHA1 56ffa792c1185d364b78adfe51f9b8d0f8dd66a2
SHA256 8ba0ce5ed78242630d74b4cdc36d6b54abf776df1cfaa4c0037c27ebe9f2f6dd
CRC32 C2A77062
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name f880a495ef961177_danish cumshot xxx lesbian redhair .rar.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish cumshot xxx lesbian redhair .rar.exe
Size 1.0MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9b955fbb8ee6e0e3cd761fe30d90daa2
SHA1 34e6891d379ba8ba9003643c95f815eaa979d811
SHA256 f880a495ef9611771b5271efc1eccb4d9152ee0acdf6dba25339ca6a08b60346
CRC32 44E7CE16
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 16396354a9b735b6_sperm hidden ejaculation .avi.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\sperm hidden ejaculation .avi.exe
Size 950.3KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8cc4f9b627ada06928c1bec58a00f91f
SHA1 d7620536b168d04e208660ace21b986cafcfab0f
SHA256 16396354a9b735b604e8e688eaa18d6634403657dacf5436d96cadc20b23eeaf
CRC32 EF1E000A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 237f27c572b2f9b7_gay [milf] feet bedroom (melissa).zip.exe
Filepath C:\Windows\assembly\tmp\gay [milf] feet bedroom (Melissa).zip.exe
Size 1.7MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 07965fd2545777ddfaf32fc96c06889f
SHA1 df54c681609d3a15bc9f2f721777c20e23eda26f
SHA256 237f27c572b2f9b781fc8175aab3401f5b2b2286fad6e05308ba363bce2c8626
CRC32 5E691280
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 664058a8a5701092_japanese fetish hardcore sleeping beautyfull .avi.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese fetish hardcore sleeping beautyfull .avi.exe
Size 1.2MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8ea1357eeea9da566c211eeff5747051
SHA1 9d3365a52834c280848516e4e5cc942ce86038ed
SHA256 664058a8a57010927f22a9a66940d5861290c96a3552f802acc9e3be92434b73
CRC32 D83DC12E
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 415a8d20389a01a7_swedish action beast uncut .avi.exe
Filepath C:\Windows\SoftwareDistribution\Download\swedish action beast uncut .avi.exe
Size 1.8MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 42d39b854a255abbeb7e16e8ba65b2b3
SHA1 253c3129760d05a2309c30bdde07821fe21fda64
SHA256 415a8d20389a01a76059c42838cad81d98374625a29b9667fbb2386eb1b9bc80
CRC32 097FE976
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 80d00fe54aae6d1b_russian porn gay full movie (jade).avi.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\russian porn gay full movie (Jade).avi.exe
Size 155.9KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6ceb15cdc704647d4024e276a4079ebd
SHA1 bbb2c68609182027a3dc0c5e13067bb659b5494d
SHA256 80d00fe54aae6d1b5a54749472a7a4c48d9f85c25f6c5b9c9818826cb7475759
CRC32 7C2CD707
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 195d5fd5facb4551_trambling public glans pregnant .rar.exe
Filepath C:\Windows\Downloaded Program Files\trambling public glans pregnant .rar.exe
Size 499.4KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f570ac1b9b5115ee3ad931dc18a8a2a8
SHA1 914fbbf984f574fd666a7a1179d58ed89adb7be7
SHA256 195d5fd5facb4551a76d6b77cae61a6cf7b69b613c7541982a36f240dd9fafbc
CRC32 B754BC2D
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 748306469961e2d1_italian porn gay sleeping hole fishy .rar.exe
Filepath C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\italian porn gay sleeping hole fishy .rar.exe
Size 1.1MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8f823d8ff170178707ed131528b5e65c
SHA1 ec5bd354381ccf6fe2512e02962b8f866fe2325e
SHA256 748306469961e2d10c41f8cfc8003ec0c1737a29ec69656f0fe04ba02af342bd
CRC32 E11A767F
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name feac501ed68e67aa_japanese porn gay [free] bedroom .mpg.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese porn gay [free] bedroom .mpg.exe
Size 1.6MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8d307fd41c332e1e9a72083f7be3ddc4
SHA1 2d0687230e697e23a5dc958304c3f58e14409c61
SHA256 feac501ed68e67aa2d36bb5dead6c797fbd4a89ddf10178eaa9cce15b11bc910
CRC32 CC7F9964
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name e9b7ae055ecade2b_black horse beast masturbation stockings .mpg.exe
Filepath C:\Users\tu\AppData\Local\Temp\black horse beast masturbation stockings .mpg.exe
Size 2.0MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4af3d652b88e639d2ad1d7cafadb036e
SHA1 49c94a3d73864c0d27be88b604333840f6dfeade
SHA256 e9b7ae055ecade2b77785b031496163518f56c5cb9f94b30b195a94f2b47ce08
CRC32 468EC428
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 4295b09dd0199552_italian beastiality blowjob voyeur hole boots .avi.exe
Filepath C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian beastiality blowjob voyeur hole boots .avi.exe
Size 1.5MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1d3a2c00e2cefac64cd97af7e3a59157
SHA1 ba141f3779df95b3ce48aec0864b8a731d529ddb
SHA256 4295b09dd0199552e4e2512f7563aef35c37f7c12fb21db2dc156663c2af5977
CRC32 B032CE0C
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 938c830b5e18f234_lingerie girls mature .zip.exe
Filepath C:\Program Files\Windows Journal\Templates\lingerie girls mature .zip.exe
Size 212.6KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 67c20b1eead1b9d9dfaa5e23bf539ff7
SHA1 766e11b7e33aed9b411c5cfb481f0917a0f539a9
SHA256 938c830b5e18f234e0a7bd66fee55318b8281291f7c013cd2bbadca1686f8904
CRC32 ACCED643
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 31e682e3625f92ce_indian porn blowjob [free] .zip.exe
Filepath C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian porn blowjob [free] .zip.exe
Size 1.3MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 11d93819485f2d111d3a358436b1ec62
SHA1 3313942877d732ec31b5098db8f70c9cdc845a08
SHA256 31e682e3625f92ceae91f44d3374eb959d010236d567dc4f600d8d48a2dd4ceb
CRC32 6FD65D5A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name bb87f32907343419_indian action sperm licking mistress .mpeg.exe
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\indian action sperm licking mistress .mpeg.exe
Size 368.9KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a0b7bdceb324c5604a4763d4e6527d68
SHA1 0cd2052e57740824c7177b638f8448c01d9064d3
SHA256 bb87f329073434190c0b2862fce915aa03fffd64b512ea955d476fef8c84e900
CRC32 2740A06B
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9eecdc8655fc7a70_swedish cum sperm public glans .mpg.exe
Filepath C:\ProgramData\Microsoft\RAC\Temp\swedish cum sperm public glans .mpg.exe
Size 1.4MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5c55fecd263deff2bd0a5c40f00544d6
SHA1 60569a316033a9b8d642a615a5a22fecd1222387
SHA256 9eecdc8655fc7a70c85c1fbb09c4f182aa66b0dff084c16dbfc7309371d53e38
CRC32 9CB2611B
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 2fabea538bb0113c_debug.txt
Filepath C:\debug.txt
Size 183.0B
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type ASCII text, with CRLF line terminators
MD5 a9ba6b9e1290373957ffc8007eaab251
SHA1 e3a845edad68b935c54c2db6164cb1c7d2e61c45
SHA256 2fabea538bb0113ccf6aecb170fe21d917d2d63be00d579e7a5b4bcfd3140070
CRC32 D6421967
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 2a34ce20e1ac6bd2_russian beastiality lesbian full movie .rar.exe
Filepath C:\Windows\assembly\temp\russian beastiality lesbian full movie .rar.exe
Size 541.3KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0b302982d9cdf7b8722334a04b57cd79
SHA1 fc1fb0ab51bf1404c228c0e93a3957d06ed535cf
SHA256 2a34ce20e1ac6bd2c05ea233d9d1c5f40f7f827780df25e6f5fdb1fa61ea42d7
CRC32 7AC38BEF
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 006a11232e929942_american handjob beast uncut .mpeg.exe
Filepath C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\american handjob beast uncut .mpeg.exe
Size 1.1MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 89ce403a5ca83fe8b0e009ce51446a60
SHA1 2f5a99dbfde1d5964569f23e3876b655f203a18d
SHA256 006a11232e92994269fbbd3da7cc716aa7eb5b873b2086befa82c7c3b19ff019
CRC32 4C66C4D2
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 87ee5806dd75c4ae_lesbian several models hole ejaculation .rar.exe
Filepath C:\Program Files\Common Files\Microsoft Shared\lesbian several models hole ejaculation .rar.exe
Size 666.8KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c1b6c823405c1fd463658395805cafb9
SHA1 633b0e2252c1143f35f132dbf474fa4332b48a2a
SHA256 87ee5806dd75c4ae376ef8505a9e27299c729a2829d8783a4ed9fdac4f0925f8
CRC32 1B04816B
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 47d91b0ef5aee4c4_indian kicking fucking hidden penetration .mpeg.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\indian kicking fucking hidden penetration .mpeg.exe
Size 1.8MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7e3772fa63ac542218e1cce14f35f5f0
SHA1 dff61e83c47341f7cc38821817680cef98a9f8b0
SHA256 47d91b0ef5aee4c41dcdf419f4b0c0f01309e78a31e6976f3903fbdaeb03337d
CRC32 4DB59266
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 2e39cbccb089c00d_tyrkish animal blowjob hidden hole sweet .avi.exe
Filepath C:\ProgramData\Microsoft\RAC\Temp\tyrkish animal blowjob hidden hole sweet .avi.exe
Size 1.9MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 feb376160267aacc22d4f24ac8a632ac
SHA1 9a4605eca1ba9903740a218d960b654873dfe894
SHA256 2e39cbccb089c00db421ec9e179d3ec4879059214b9d6f66bac8336b0b309c00
CRC32 01D75AD4
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name bb10bfcf77d0f393_blowjob lesbian sm .rar.exe
Filepath C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob lesbian sm .rar.exe
Size 621.9KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e47abe3b33b7dd1bacca01d14abc1f0f
SHA1 e5f589805b38d41d53f9c1e89fb4de597dd8d13e
SHA256 bb10bfcf77d0f393c46685e9692055054cd71e066775459a47d60cac768c994e
CRC32 46A81797
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 125d75f4c59f7394_gay full movie feet beautyfull .mpeg.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\Downloads\gay full movie feet beautyfull .mpeg.exe
Size 170.8KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c7071ce1a601842c9e3c1db12bb804b5
SHA1 adc18ce3b9bc1a095a4857795af89f41c5990a35
SHA256 125d75f4c59f7394f5c8921878bafb79162fc5bc9658a5fa1ef3cf3bf6cadfc5
CRC32 B4A69BFC
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 00df371c66cdbf1f_horse masturbation redhair (sonja,tatjana).avi.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse masturbation redhair (Sonja,Tatjana).avi.exe
Size 142.5KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5c168077ef40da40daee9f7de91b45bd
SHA1 2b85c89eaf3ed2dc5cafdabde779ca5c1db9d8f3
SHA256 00df371c66cdbf1f15250ef35c7b6283712e28247dff8013064922ae5062414b
CRC32 1808B1C9
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name d7b8f89545dadb7a_black action blowjob several models young .mpeg.exe
Filepath C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\black action blowjob several models young .mpeg.exe
Size 187.4KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e3bea0517c0a69572eb8fa2a539e221e
SHA1 63722a7c7d53234e69885c823fe84cc74f5d6406
SHA256 d7b8f89545dadb7a6d22560eacdc5a4eba70e12d7ac8adbbfbee542e9269a7b2
CRC32 7E41C221
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 1e08dc364c721832_gang bang lesbian [milf] femdom .avi.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\gang bang lesbian [milf] femdom .avi.exe
Size 987.9KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0a068cb8832c01bc046f7f25de18409a
SHA1 90b50b15b7a420bd9c1fe0c030919636880e5cae
SHA256 1e08dc364c7218325ffa6436a70e06f60f84bb47d710f99199513a3e490ea706
CRC32 0A34032A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 8e73f6c92ed2c2d7_sperm [bangbus] .mpg.exe
Filepath C:\Windows\System32\LogFiles\Fax\Incoming\sperm [bangbus] .mpg.exe
Size 2.0MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6a11b70c3cf444e62b4d4ed34d8c8fe4
SHA1 7ab85f9fbe017274431cb7aaf2bff443ab86b8e8
SHA256 8e73f6c92ed2c2d76497fa53a1dde24c5696449e861f11a030a67668a1cc2941
CRC32 C37B47E8
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 49ce801886e24bfc_black cumshot xxx [milf] (jade).avi.exe
Filepath C:\Windows\Temp\black cumshot xxx [milf] (Jade).avi.exe
Size 770.1KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5912d6927b744869abaab0169e0bf3a0
SHA1 5b75e2eded91f2db90b55a14861790f5d7795088
SHA256 49ce801886e24bfcdd1b4e2facad6684bf0e47a1a3225d4fe49ac98996d2426f
CRC32 02CB4EC4
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9260982ba689cf72_hardcore [milf] glans shower .rar.exe
Filepath C:\ProgramData\Microsoft\Network\Downloader\hardcore [milf] glans shower .rar.exe
Size 913.8KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 983c26511db4154b0d332186fceac4cb
SHA1 2d55c687acbf66d9b5e11fcbd4d8ef6ec21c6fc0
SHA256 9260982ba689cf72f4a0c66ac9b9f1ed529f4a5b54a1c038a645e2af98db56a7
CRC32 8EF7B750
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9a58de2683c96532_indian cumshot bukkake masturbation titts (christine,jade).mpeg.exe
Filepath C:\Program Files (x86)\Common Files\microsoft shared\indian cumshot bukkake masturbation titts (Christine,Jade).mpeg.exe
Size 1.8MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 78b4c024e7074a5995ea5cbf3d0251f0
SHA1 68a428cb3560059a709b2d13787c720407e4273a
SHA256 9a58de2683c96532a5a5bad67c38b2a98c86f26601bc2f8b77de247ba6310f8a
CRC32 3FAEE3CC
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 2d3083d6695071d8_porn xxx [bangbus] feet (jenna,sylvia).rar.exe
Filepath C:\Windows\SysWOW64\FxsTmp\porn xxx [bangbus] feet (Jenna,Sylvia).rar.exe
Size 294.8KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e46d377767c7098f9d3d7827e154ceab
SHA1 f1ac3d70c5994864fe84f3abec9ae6e455648a8b
SHA256 2d3083d6695071d8ea2c4c401e9f5bc8d247f45a356679c87496c464efbf58cb
CRC32 984FF9BF
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 1628280f7cf13128_indian handjob hardcore hot (!) circumcision .avi.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\indian handjob hardcore hot (!) circumcision .avi.exe
Size 2.1MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5fce615e67aecc9af450a460c3d69b4c
SHA1 81cbbc48907f07956761a57a59e79bd5f55cf896
SHA256 1628280f7cf131285794f6a1feb506672d5419c68c88630478875742676514f2
CRC32 CF3DBA1F
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name d4859ae0d49025f9_blowjob hidden cock (britney,janette).rar.exe
Filepath C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob hidden cock (Britney,Janette).rar.exe
Size 1.4MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ebf823e7417a5f271d8b2828a7559412
SHA1 805114920013aa8bc3ff85f9efaefe6d2062163d
SHA256 d4859ae0d49025f93b9815d2e6c7fe0e0864e6b4e2520540c86b066e650a9d0b
CRC32 861C9907
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 382a9d5cecc26bb3_lesbian hidden hole (sonja,samantha).mpg.exe
Filepath C:\ProgramData\Microsoft\Search\Data\Temp\lesbian hidden hole (Sonja,Samantha).mpg.exe
Size 1.9MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 06b11a679ec663cdef8834ba1dc52358
SHA1 d1ee7eae2377838ef23020a97f4210ace52ea2ce
SHA256 382a9d5cecc26bb3be3004eecc3be3d5f5bd36552f0ca49e3c457f63dbff03df
CRC32 0F537960
ssdeep None
Yara None matched
Name c4558510b6120892_trambling licking titts blondie .zip.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\trambling licking titts blondie .zip.exe
Size 1.2MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3d9dc9f814df68582356627ad71a6220
SHA1 07ebee136a469f8c29f8682d0f59a9e078b9600e
SHA256 c4558510b6120892aac0c28916111c3070f94742b751708b9304f77f1f3a7f5c
CRC32 77C75B0C
ssdeep None
Yara None matched
Name b2a0bcb75b4a760c_lesbian uncut .rar.exe
Filepath C:\ProgramData\Microsoft\Search\Data\Temp\lesbian uncut .rar.exe
Size 928.5KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 71029f684fc7d0c8ae704fa8165a9277
SHA1 b8c4efe3b1a76962e0217a5a91a7a926889367b8
SHA256 b2a0bcb75b4a760cbb1e406a42b079c64105713e5dbbe9c0d2fdbc3d42d2cca2
CRC32 4D9EF7DF
ssdeep None
Yara None matched
Name 40a3db8c3fa36d26_italian action gay licking fishy .zip.exe
Filepath C:\Users\tu\Downloads\italian action gay licking fishy .zip.exe
Size 956.4KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1e7c00af31fb8133283f9def9b08741d
SHA1 0248e0be5fb43ee78b2262b9c1ae14141eeb85a3
SHA256 40a3db8c3fa36d262a800efca3ae5c89e462c033d76c9da22ff1cab315f36c73
CRC32 AA4810F5
ssdeep None
Yara None matched
Name a37f99819f5e1f05_danish cum xxx uncut .avi.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\danish cum xxx uncut .avi.exe
Size 201.7KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 48ad8a8771f2fc036cd6ff4bc9931b0d
SHA1 1d650aeb096b7b22d91b93fa356062475137bbc9
SHA256 a37f99819f5e1f050c20a657dbbce4cdea1c000f511983ba0d72fd145a5f646a
CRC32 8BDD99B6
ssdeep None
Yara None matched
Name 0493e94888e5bd4a_mssrv.exe
Filepath C:\Windows\mssrv.exe
Size 1.9MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6af7d6c49c750d448842973e89654705
SHA1 fc8bc44b7ae12188b5da6ce4308088e1b825f997
SHA256 0493e94888e5bd4a7d81ecf21886ae59f03e628bc7f5376b72178da339cf237f
CRC32 ECE3389F
ssdeep None
Yara None matched
Name 531827b9896b8beb_danish fetish lingerie public 50+ .mpg.exe
Filepath C:\Users\Public\Downloads\danish fetish lingerie public 50+ .mpg.exe
Size 1.7MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c268930c9a29b1aca47682f0904b87df
SHA1 c8dda82afed294922f786d6bc2545502059bb29d
SHA256 531827b9896b8beb307fc6340fbe3347a7b9dca8e5eed78e8093014471839c56
CRC32 3C84A368
ssdeep None
Yara None matched
Name 7e1295b91aa70211_black animal bukkake masturbation cock pregnant .rar.exe
Filepath C:\Users\Default\Downloads\black animal bukkake masturbation cock pregnant .rar.exe
Size 2.0MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 56328342568b800c6ba947cfb389d486
SHA1 a7b0ab969006423777e13654b6cfd4c97d421e7e
SHA256 7e1295b91aa702118673804ee667a8f18e4ee88248a47b7e71f33b5ff1b22295
CRC32 52D3420A
ssdeep None
Yara None matched
Name b442f2bf2e269035_black beastiality xxx [bangbus] .mpg.exe
Filepath C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\black beastiality xxx [bangbus] .mpg.exe
Size 398.2KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 43709382297bca69be8c1476f6385389
SHA1 a47ab24b22daf6e64a71f57df03c7dd8dde73458
SHA256 b442f2bf2e269035604bf435cec0d6f79332e50b878a5ed2fe86fad0e1c4cbf1
CRC32 CBF095C4
ssdeep None
Yara None matched
Name 8c06208ac4762fac_black action gay full movie hole high heels .mpeg.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black action gay full movie hole high heels .mpeg.exe
Size 813.7KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 479796e611204989f409bc2df016aba8
SHA1 d2ae6fc962a1f7684ad2ed1dc9492e86ab8fd95d
SHA256 8c06208ac4762fac88f35315293ab89cd919b59dbf6fc3663b872016b79aa11e
CRC32 EFF00BA3
ssdeep None
Yara None matched
Name 4ec32683f34cd7b5_bukkake catfight stockings .avi.exe
Filepath C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake catfight stockings .avi.exe
Size 1015.0KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b3d1b8edf1ee10a6e6c67558bbebad2b
SHA1 e8ba5e61b6cfea026e6632e8c77f68e58cfd5179
SHA256 4ec32683f34cd7b582500664beab001de8d11d5188f705a7c3fab8447df88d75
CRC32 5E68C66E
ssdeep None
Yara None matched
Name aff6ab0c0eb58ed6_horse several models mistress (anniston,sylvia).mpg.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\horse several models mistress (Anniston,Sylvia).mpg.exe
Size 169.5KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 df2d3bef078984d8ea61eee447272b5c
SHA1 f85147696850fe8d162b1b4a3f55767ab24735d8
SHA256 aff6ab0c0eb58ed616ba240e7e24e604de8fcc434ea484e5b20658f8af28efee
CRC32 83AD9B42
ssdeep None
Yara None matched
Name a71c98428bb92d64_sperm sleeping black hairunshaved .mpeg.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\sperm sleeping black hairunshaved .mpeg.exe
Size 1.1MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b89b849f8755fc7ac044bc1ec6298c3a
SHA1 98d19583e496b191a59564a71e5126ffadd71c16
SHA256 a71c98428bb92d64fb96011b419be6db1a26862d80930d1331b0ec21aff2416a
CRC32 302A8EF1
ssdeep None
Yara None matched
Name 963ae6ffb7618edb_indian cumshot lingerie sleeping femdom .rar.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\indian cumshot lingerie sleeping femdom .rar.exe
Size 1.3MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a041f23889b8f8b051bd679b1e698db9
SHA1 5d51efa23eeed3f56a2ad581fdef88ade387bf6b
SHA256 963ae6ffb7618edb8ed193ef27b5a33531ff671fd2ba0f08d1e68175281a3fbc
CRC32 8C0938C4
ssdeep None
Yara None matched
Name 7b04a3021c9618ef_brasilian action lingerie sleeping swallow .avi.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian action lingerie sleeping swallow .avi.exe
Size 1.8MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cff18aae6fc1a58a509d8e254bffcec0
SHA1 ce501a277d1e8fd9d6d6429fa09002e4fb1f6281
SHA256 7b04a3021c9618eff8d0037cc1d00a91906e317a333d240b9b4128c19c4db42a
CRC32 592AC9F8
ssdeep None
Yara None matched
Name 8cef1a098073ca80_lingerie masturbation (janette).mpeg.exe
Filepath C:\Users\Administrator\AppData\Local\Temp\lingerie masturbation (Janette).mpeg.exe
Size 1.3MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 894b62f6d12408f532803335d7716cfe
SHA1 88efcf0d8de50d4e4434d43efc8e401a9162b34f
SHA256 8cef1a098073ca805814df89b45d290e76b89c4d506d9af5ff72016036c17581
CRC32 69824F0C
ssdeep None
Yara None matched
Name b9370b1a42c9e1d8_xxx public cock ash .zip.exe
Filepath C:\360Downloads\xxx public cock ash .zip.exe
Size 557.4KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7826a00a6b925ef57656248cfa8bfbb8
SHA1 58e512285af3abc6a54d2ba9199a47d76bf88459
SHA256 b9370b1a42c9e1d8a875cddff8ae507b2383e463966c958e8431dbb76eaa8cdf
CRC32 C5E5AA16
ssdeep None
Yara None matched
Name 5b76503a5024cd6b_italian porn horse [free] cock beautyfull (samantha).avi.exe
Filepath C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\italian porn horse [free] cock beautyfull (Samantha).avi.exe
Size 160.2KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5f0558383935028700330701f6091662
SHA1 946ff0c42062b1679d4bf0bed5e0580ec0fb0b47
SHA256 5b76503a5024cd6b0542aaf3263f9d43ca2fd3bbcba7592cf219e4531f54c59c
CRC32 FFA5E4B8
ssdeep None
Yara None matched
Name 2d72902b5efe6307_beast public traffic .mpg.exe
Filepath C:\Program Files\DVD Maker\Shared\beast public traffic .mpg.exe
Size 1.7MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bb7f9040bf51154f0af90cae1803282a
SHA1 d45caded43cf5457445115777504f25c3ee0bbfb
SHA256 2d72902b5efe63076d2d7d5ff2aed50d827a796e2df5afe683cb188da331c80c
CRC32 E985EDE8
ssdeep None
Yara None matched
Name b314a6cec3b00450_bukkake masturbation titts .mpg.exe
Filepath C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake masturbation titts .mpg.exe
Size 813.3KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9c8b0d006302b5165d6cba75052778cd
SHA1 479be75580f3eaac5b6551b999a7049b8b2919da
SHA256 b314a6cec3b004502d7ad94861d83a1f5084b66e9d7d5c9e38c127eabb93cbde
CRC32 C7BA6E45
ssdeep None
Yara None matched
Name 8dea5305a2bb6e89_indian fetish lesbian hidden hole .rar.exe
Filepath C:\Windows\SysWOW64\IME\shared\indian fetish lesbian hidden hole .rar.exe
Size 1.4MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 25733fa980ac33d540e7585f104f84dc
SHA1 630c3d43e9f47f10b9ced936c9eca6dd401893dd
SHA256 8dea5305a2bb6e89e51e796915bf0fa949704e82a8c90b1aa6776a38f9e1ef05
CRC32 2DF790D2
ssdeep None
Yara None matched
Name 48e274b79de6efa7_tyrkish nude lesbian full movie .rar.exe
Filepath C:\Windows\SysWOW64\IME\shared\tyrkish nude lesbian full movie .rar.exe
Size 1.6MB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7ecbaedb8fcd316ec4e6b66da12beccc
SHA1 7563503b6d90569bf7b6aa4bce2f144150872fe6
SHA256 48e274b79de6efa7d76ff2ce29d73de10d706eb127898d3dc3c2b5309ae21b6a
CRC32 272A4881
ssdeep None
Yara None matched
Name 8b732cb1aa4e4d3f_danish animal trambling catfight glans .mpg.exe
Filepath C:\Windows\ServiceProfiles\LocalService\Downloads\danish animal trambling catfight glans .mpg.exe
Size 668.6KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c1350921874ed7fde29e5c143cf3a4af
SHA1 64b7952ff5976c448d3373dc4779d6ae2ffa436f
SHA256 8b732cb1aa4e4d3fbe5df2237eab5ceedce1caa9c2bd19f559300eab01ef5e7a
CRC32 18A8864E
ssdeep None
Yara None matched
Name ce126d1e8367a0a3_lesbian full movie (samantha).zip.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\lesbian full movie (Samantha).zip.exe
Size 910.4KB
Processes 1128 (0916515036a4ead15480bc5f72607e5421cc5eff820f24aa367717f8f505d3b8.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f46d6fc2e0dab6909785c915854e8f4d
SHA1 f63feb3a78294741a862c213f76f608a32f2c9c6
SHA256 ce126d1e8367a0a36ea7ddb65460d9ceafb8ddc4e11f4edaf3d213a23843ce65
CRC32 9E049B7B
ssdeep None
Yara None matched
Sorry! No dropped buffers.