SmartHawk

3.7

中危

56 个模型检测该样本为恶意！

重新分析

下载样本

034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c

034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe

分析耗时

149s

最近分析

389天前

文件大小

253.0KB

静态报毒动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WINSXSBOT 更多 WIN32 TROJAN WORM

DACN 0.14

FACILE 1.00

IMCLNet 0.70

MFGraph 0.00

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.05s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.70	Unknown	0.21s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:Malware-gen	20200703	18.4.3895.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (D)	20190702	1.0
Kingsoft	None	20200703	2013.8.14.323
McAfee	GenericRXKN-BX!7964CE5DA8DB	20200703	6.0.6.653
Tencent	Malware.Win32.Gencirc.10ba4358	20200703	1.0.0.1

查询计算机名称 (6 个事件)

Time & API	Arguments	Status	Return
1727545319.547125 GetComputerNameA	computer_name: TU-PC	success	1
1727545319.563125 GetComputerNameA	computer_name: TU-PC	success	1
1727545319.578125 GetComputerNameA	computer_name: TU-PC	success	1
1727545319.594125 GetComputerNameW	computer_name: TU-PC	success	1
1727545321.860125 GetComputerNameA	computer_name: TU-PC	success	1
1727545321.875125 GetComputerNameA	computer_name: TU-PC	success	1

可执行文件包含未知的 PE 段名称，可能指示打包器（可能是误报） (4 个事件)

section	.jxmnr
section	.lpkez
section	.g
section	.i

一个或多个进程崩溃 (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1727545342.625125 __exception__	exception.address: 0x73db7853 exception.instruction: mov dx, word ptr [eax] exception.instruction_r: 66 8b 10 40 40 66 85 d2 75 f6 2b c7 d1 f8 5f 75 exception.symbol: WNetClearConnections+0x2de0 WNetCancelConnectionW-0x84 mpr+0x7853 exception.exception_code: 0xc0000005 registers.eax: 0 registers.ecx: 0 registers.edx: 0 registers.ebx: 1637363 registers.esp: 1637000 registers.ebp: 1637012 registers.esi: 1637152 registers.edi: 2 stacktrace: WNetEnumResourceW+0x5b5 WNetGetProviderNameW-0x133 mpr+0x360d @ 0x73db360d WNetEnumResourceW+0x533 WNetGetProviderNameW-0x1b5 mpr+0x358b @ 0x73db358b WNetEnumResourceW+0x500 WNetGetProviderNameW-0x1e8 mpr+0x3558 @ 0x73db3558 WNetClearConnections+0x2e5b WNetCancelConnectionW-0x9 mpr+0x78ce @ 0x73db78ce WNetCancelConnection2W+0x15 WNetRestoreSingleConnectionW-0x322 mpr+0x8ce6 @ 0x73db8ce6 WNetCancelConnection2A+0x3c WNetCancelConnectionA-0x22 mpr+0xad8c @ 0x73dbad8c 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x2c10 @ 0x402c10 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x19e4 @ 0x4019e4 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x1a5e @ 0x401a5e 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x1b7a @ 0x401b7a 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x1c73 @ 0x401c73 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x4cd6 @ 0x404cd6 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5	success	0	0

Time & API

Arguments

Status

Return

Repeated

1727545342.625125
__exception__

exception.address: 0x73db7853
exception.instruction: mov dx, word ptr [eax]
exception.instruction_r: 66 8b 10 40 40 66 85 d2 75 f6 2b c7 d1 f8 5f 75
exception.symbol: WNetClearConnections+0x2de0 WNetCancelConnectionW-0x84 mpr+0x7853
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 0
registers.edx: 0
registers.ebx: 1637363
registers.esp: 1637000
registers.ebp: 1637012
registers.esi: 1637152
registers.edi: 2
stacktrace:

WNetEnumResourceW+0x5b5 WNetGetProviderNameW-0x133 mpr+0x360d @ 0x73db360d
WNetEnumResourceW+0x533 WNetGetProviderNameW-0x1b5 mpr+0x358b @ 0x73db358b
WNetEnumResourceW+0x500 WNetGetProviderNameW-0x1e8 mpr+0x3558 @ 0x73db3558
WNetClearConnections+0x2e5b WNetCancelConnectionW-0x9 mpr+0x78ce @ 0x73db78ce
WNetCancelConnection2W+0x15 WNetRestoreSingleConnectionW-0x322 mpr+0x8ce6 @ 0x73db8ce6
WNetCancelConnection2A+0x3c WNetCancelConnectionA-0x22 mpr+0xad8c @ 0x73dbad8c
034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x2c10 @ 0x402c10
034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x19e4 @ 0x4019e4
034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x1a5e @ 0x401a5e
034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x1b7a @ 0x401b7a
034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x1c73 @ 0x401c73
034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c+0x4cd6 @ 0x404cd6
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

success

一个进程试图延迟分析任务。 (1 个事件)

description

034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe 试图睡眠 803.228 秒，实际延迟分析时间 803.228 秒

在文件系统上创建可执行文件 (50 out of 76 个事件)

file	C:\Users\All Users\Microsoft\Search\Data\Temp\swedish gang bang beast public .rar.exe
file	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake masturbation pregnant .rar.exe
file	C:\ProgramData\Microsoft\RAC\Temp\indian horse hardcore licking .zip.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx sleeping (Sarah).mpeg.exe
file	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish kicking sperm big mistress .rar.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\american gang bang sperm [free] (Sylvia).rar.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore public .mpeg.exe
file	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian fetish blowjob [free] (Janette).mpeg.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\bukkake full movie hotel .mpeg.exe
file	C:\Users\All Users\Microsoft\Network\Downloader\russian horse sperm catfight castration .mpg.exe
file	C:\Windows\Downloaded Program Files\trambling full movie blondie .avi.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\indian kicking fucking hot (!) (Liz).avi.exe
file	C:\Windows\SysWOW64\IME\shared\lingerie [free] feet .zip.exe
file	C:\Users\Default\Downloads\bukkake lesbian mature .rar.exe
file	C:\360Downloads\japanese nude horse girls .mpg.exe
file	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\tyrkish kicking bukkake [free] sm .mpg.exe
file	C:\Users\All Users\Microsoft\RAC\Temp\sperm voyeur black hairunshaved .avi.exe
file	C:\Users\tu\AppData\Local\Temp\bukkake lesbian titts wifey (Sarah).avi.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\black cumshot hardcore voyeur penetration .mpeg.exe
file	C:\Windows\System32\FxsTmp\nude xxx catfight bedroom (Britney,Jade).rar.exe
file	C:\Users\tu\Templates\indian gang bang lingerie [milf] hairy .mpeg.exe
file	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse several models circumcision (Sandy,Tatjana).rar.exe
file	C:\Program Files\Windows Journal\Templates\danish gang bang lingerie licking (Samantha).mpg.exe
file	C:\Users\Default\Templates\tyrkish action sperm full movie feet .mpeg.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian handjob horse [free] ejaculation .avi.exe
file	C:\Windows\System32\IME\shared\sperm big hole black hairunshaved .mpeg.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx public shoes .mpeg.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese cum lingerie [bangbus] .mpeg.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm hidden swallow .mpeg.exe
file	C:\Windows\assembly\tmp\xxx catfight glans upskirt (Sarah).avi.exe
file	C:\Windows\System32\config\systemprofile\swedish cum beast [bangbus] feet .mpeg.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\bukkake [milf] leather .zip.exe
file	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian nude fucking [free] girly (Christine,Liz).zip.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\gay [milf] glans sweet (Melissa).zip.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish cum gay licking latex .mpeg.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie full movie balls .zip.exe
file	C:\Users\Administrator\AppData\Local\Temporary Internet Files\gay big penetration .mpeg.exe
file	C:\Windows\security\templates\swedish cumshot horse [free] hole lady .zip.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\xxx catfight leather (Jenna,Jade).mpg.exe
file	C:\Windows\mssrv.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish fetish blowjob hidden .rar.exe
file	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian porn gay hot (!) (Samantha).rar.exe
file	C:\Windows\System32\LogFiles\Fax\Incoming\horse [bangbus] (Curtney).rar.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\russian porn blowjob uncut feet hairy .rar.exe
file	C:\ProgramData\Templates\danish fetish horse public glans .mpg.exe
file	C:\Program Files (x86)\Common Files\microsoft shared\bukkake sleeping titts sweet .mpeg.exe
file	C:\Windows\SysWOW64\config\systemprofile\hardcore masturbation .avi.exe
file	C:\Windows\SysWOW64\FxsTmp\japanese horse horse hot (!) upskirt .zip.exe
file	C:\Users\Default\AppData\Local\Temp\indian cumshot horse masturbation titts high heels (Jade).mpg.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\american nude trambling sleeping feet .rar.exe

将可执行文件投放到用户的 AppData 文件夹 (20 个事件)

file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\tyrkish action sperm full movie feet .mpeg.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\indian kicking fucking hot (!) (Liz).avi.exe
file	C:\Users\tu\AppData\Local\Temp\bukkake lesbian titts wifey (Sarah).avi.exe
file	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\japanese kicking horse public ash (Kathrin,Curtney).avi.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast several models glans .mpg.exe
file	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\tyrkish kicking bukkake [free] sm .mpg.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\black cumshot hardcore voyeur penetration .mpeg.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\bukkake full movie hotel .mpeg.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\american gang bang sperm [free] (Sylvia).rar.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx public shoes .mpeg.exe
file	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\black beastiality fucking voyeur glans fishy .mpg.exe
file	C:\Users\Default\AppData\Local\Temp\indian cumshot horse masturbation titts high heels (Jade).mpg.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\gay [milf] glans sweet (Melissa).zip.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\indian gang bang lingerie [milf] hairy .mpeg.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast catfight redhair (Sandy,Sylvia).avi.exe
file	C:\Users\Administrator\AppData\Local\Temp\lesbian [free] .mpeg.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\russian porn blowjob uncut feet hairy .rar.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay big penetration .mpeg.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish fetish blowjob hidden .rar.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\sperm catfight beautyfull (Britney,Sylvia).mpg.exe

该二进制文件可能包含加密或压缩数据，表明使用了打包工具 (2 个事件)

section

{'name': 'UPX1', 'virtual_address': '0x00012000', 'virtual_size': '0x00009000', 'size_of_data': '0x00009200', 'entropy': 7.72410521667106}

entropy

7.72410521667106

description

发现高熵的节

entropy

0.32882882882882886

description

此PE文件的整体熵值较高

重复搜索未找到的进程，您可能希望在分析期间运行一个网络浏览器 (50 out of 111 个事件)

Time & API	Arguments	Status
1727545290.469125 Process32NextW	snapshot_handle: 0x0000012c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 2400	failed
1727545292.938125 Process32NextW	snapshot_handle: 0x00000258 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 2504	failed
1727545295.188125 Process32NextW	snapshot_handle: 0x00000278 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545297.188125 Process32NextW	snapshot_handle: 0x000002c0 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545299.188125 Process32NextW	snapshot_handle: 0x00000130 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545301.188125 Process32NextW	snapshot_handle: 0x000002bc process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545303.188125 Process32NextW	snapshot_handle: 0x000002bc process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545305.188125 Process32NextW	snapshot_handle: 0x000002bc process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545307.203125 Process32NextW	snapshot_handle: 0x000002ac process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545309.219125 Process32NextW	snapshot_handle: 0x000002ac process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545311.219125 Process32NextW	snapshot_handle: 0x000002ac process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545313.219125 Process32NextW	snapshot_handle: 0x0000029c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545315.235125 Process32NextW	snapshot_handle: 0x0000029c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545317.235125 Process32NextW	snapshot_handle: 0x000002ac process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545319.235125 Process32NextW	snapshot_handle: 0x0000024c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545321.235125 Process32NextW	snapshot_handle: 0x00000300 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545323.235125 Process32NextW	snapshot_handle: 0x00000348 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545325.235125 Process32NextW	snapshot_handle: 0x00000348 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545327.235125 Process32NextW	snapshot_handle: 0x00000348 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545329.235125 Process32NextW	snapshot_handle: 0x00000348 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545331.235125 Process32NextW	snapshot_handle: 0x00000348 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545333.235125 Process32NextW	snapshot_handle: 0x00000348 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545335.235125 Process32NextW	snapshot_handle: 0x0000034c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545337.235125 Process32NextW	snapshot_handle: 0x0000034c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545339.235125 Process32NextW	snapshot_handle: 0x00000274 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545341.235125 Process32NextW	snapshot_handle: 0x000002f8 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545343.250125 Process32NextW	snapshot_handle: 0x000002f8 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545345.250125 Process32NextW	snapshot_handle: 0x000002f8 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545347.250125 Process32NextW	snapshot_handle: 0x00000270 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545292.952375 Process32NextW	snapshot_handle: 0x00000118 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 2504	failed
1727545295.234375 Process32NextW	snapshot_handle: 0x00000298 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545297.234375 Process32NextW	snapshot_handle: 0x00000298 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545299.234375 Process32NextW	snapshot_handle: 0x00000298 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545301.249375 Process32NextW	snapshot_handle: 0x00000298 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545303.249375 Process32NextW	snapshot_handle: 0x00000114 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545305.249375 Process32NextW	snapshot_handle: 0x00000114 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545307.249375 Process32NextW	snapshot_handle: 0x00000114 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545309.249375 Process32NextW	snapshot_handle: 0x00000114 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545311.249375 Process32NextW	snapshot_handle: 0x00000114 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545313.249375 Process32NextW	snapshot_handle: 0x00000298 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545315.249375 Process32NextW	snapshot_handle: 0x00000298 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545317.249375 Process32NextW	snapshot_handle: 0x00000298 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545319.249375 Process32NextW	snapshot_handle: 0x00000298 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545321.249375 Process32NextW	snapshot_handle: 0x00000270 process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545323.249375 Process32NextW	snapshot_handle: 0x0000026c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545325.249375 Process32NextW	snapshot_handle: 0x0000026c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545327.249375 Process32NextW	snapshot_handle: 0x0000026c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545329.249375 Process32NextW	snapshot_handle: 0x0000026c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545331.249375 Process32NextW	snapshot_handle: 0x0000026c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed
1727545333.249375 Process32NextW	snapshot_handle: 0x0000026c process_name: 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe process_identifier: 1836	failed

可执行文件使用UPX压缩 (2 个事件)

section	UPX1				description	节名称指示UPX
section	UPX2				description	节名称指示UPX

与未执行 DNS 查询的主机进行通信 (4 个事件)

host	114.114.114.114
host	8.8.8.8
host	47.124.170.234
host	184.56.17.14

枚举服务，可能用于反虚拟化 (50 out of 6096 个事件)

Time & API	Arguments	Status
1727545288.469125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.469125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.469125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.469125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.469125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.469125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.469125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.485125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.500125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.516125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.531125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.531125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.531125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.531125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.531125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.531125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed
1727545288.531125 EnumServicesStatusA	service_handle: 0x0054c840 service_type: 48 service_status: 1	failed

在 Windows 启动时自我安装以实现自动运行 (1 个事件)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32

reg_value

C:\Windows\mssrv.exeÿ:h/UÿÜ::8R@ÞTl[w@ÞTh/Un8R`-UÄRèúQÍø;z8ûxÿÍ_w P%þÿÿÿz8[wr4[w`-UnoX-U0ü¿évR`-UÃ@\ýÜÞ`-UØþâ@

创建已知的 WinSxsBot/Sfone Worm 文件、注册表项和/或互斥体 (1 个事件)

mutex

mutex666

生成一些 ICMP 流量

文件已被 VirusTotal 上 56 个反病毒引擎识别为恶意 (50 out of 56 个事件)

ALYac	Generic.Malware.SP!V!Pk!prn.2464E16B
APEX	Malicious
AVG	Win32:Malware-gen
Acronis	suspicious
Ad-Aware	Generic.Malware.SP!V!Pk!prn.2464E16B
AhnLab-V3	Worm/Win32.Agent.R336858
Antiy-AVL	Worm/Win32.Agent.cp
Arcabit	Generic.Malware.SP!V!Pk!prn.2464E16B
Avast	Win32:Malware-gen
Avira	TR/Dropper.Gen
BitDefender	Generic.Malware.SP!V!Pk!prn.2464E16B
BitDefenderTheta	AI:Packer.0234C2041E
Bkav	W32.AIDetectVM.malware1
ClamAV	Win.Worm.SillyWNSE-7784290-0
Comodo	Worm.Win32.Agent.CP@42tt
CrowdStrike	win/malicious_confidence_100% (D)
Cybereason	malicious.da8db4
Cynet	Malicious (score: 100)
Cyren	W32/Agent.BTR.gen!Eldorado
DrWeb	Win32.HLLW.Siggen.1607
ESET-NOD32	a variant of Win32/Agent.CP
Emsisoft	Generic.Malware.SP!V!Pk!prn.2464E16B (B)
Endgame	malicious (high confidence)
F-Prot	W32/Agent.BTR.gen!Eldorado
F-Secure	Trojan.TR/Dropper.Gen
FireEye	Generic.mg.7964ce5da8db4f2f
Fortinet	W32/Agent.CP!worm
GData	Generic.Malware.SP!V!Pk!prn.2464E16B
Ikarus	Worm.Win32.Agent
Invincea	heuristic
Jiangmin	Worm.Agent.ws
K7AntiVirus	Trojan ( 0051918e1 )
K7GW	Trojan ( 0051918e1 )
Kaspersky	Worm.Win32.Agent.cp
MAX	malware (ai score=84)
Malwarebytes	Trojan.Agent.Generic
McAfee	GenericRXKN-BX!7964CE5DA8DB
MicroWorld-eScan	Generic.Malware.SP!V!Pk!prn.2464E16B
Microsoft	Worm:Win32/Sfone
NANO-Antivirus	Trojan.Win32.Agent.hakuu
Panda	Generic Suspicious
Qihoo-360	HEUR/QVM18.1.4FA1.Malware.Gen
Rising	Worm.Agent!1.BDD2 (TFE:dGZlOgHzbkH2RFbjOw)
Sangfor	Malware
SentinelOne	DFI - Malicious PE
Sophos	Troj/Agent-AGQR
Symantec	W32.SillyWNSE
Tencent	Malware.Win32.Gencirc.10ba4358
Trapmine	malicious.high.ml.score
VBA32	Worm.Agent

288x288

224x224

192x192

160x160

128x128

96x96

64x64

32x32

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2006-03-03 01:50:37

PE Imphash

bc5994e55cbe4fadd0cc6ce15d753e0a

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.jxmnr	0x00001000	0x00011000	0x00011200	4.895716385148769
UPX1	0x00012000	0x00009000	0x00009200	7.72410521667106
UPX2	0x0001b000	0x00001000	0x00001200	0.729760167284688
.lpkez	0x0001c000	0x00001000	0x00000200	3.9638687291035044
.g	0x0001d000	0x00001000	0x00000200	0.5960600373116879
.i	0x0001e000	0x00001000	0x00000200	3.022024057407475

Imports

Library ADVAPI32.dll:

• 0x41b08c RegCloseKey

Library KERNEL32.DLL:

• 0x41b094 LoadLibraryA

• 0x41b098 ExitProcess

• 0x41b09c GetProcAddress

• 0x41b0a0 VirtualProtect

Library MPR.dll:

• 0x41b0a8 WNetOpenEnumA

Library SHELL32.dll:

• 0x41b0b0 ShellExecuteA

Library USER32.dll:

• 0x41b0b8 EnumWindows

Library WS2_32.dll:

• 0x41b0c0 gethostbyaddr

->zU?C1.*ph
.jxmnr
.lpkez
MnwPGuK@A}
7{E^`N
jP}YoH3?
.3D wL
-@H]X?
Ur`qe!
m[FSR`$#y
a\e5co
=LKOtR
]Z R0Ge0
ggBR!'$(%duD'b
*i+h [h]
Qt@\ZDDGK
]I#[f!BTZ)=P1ZLM]\U\v+&+
;l?Y7cRf
^pS&_h4!&A9r
jXZGD;HT{
M)N^WMVh>d
XGwpM>;}H
!j.([xQ
%`]!*'W1
T.m1QGNm'
[X/>Y!
govNZ81
s)tIKt
`82p3Wi#\:
?t>Yoe2[R-I-(\
'MRr/ES
2fuv|r!l
> YV #
YN 5%vf+
@`>=j:<$f
|jW3?S]
^nTEJs
[RPk|.=}Qi$cyYL
.W\rz!(N.Ab!x<]
^'~?(#P
ou80y\\=
IT:b"L
o3RjC+MS
bpFhMV
mdxjSkVk
O!DH!w
a6wv)M1
BMT@y83tV,L
xUD;OvtW?
qw|0*aM
5;-bvI`
./ksF6x
}J@}Ylc`Y
DV4WEfH
["RN,vS>^6} N
)@>2La&->U
IYbI).A[o
)%cBp"
f1Y7RH
U!2[7|f
vNtc{y3\
W>qshVU
 7d"5Vwq'A
oaG,*
L1XGq6r6lZPc
T7YNI].-yB
p:AY8M
COtZq1
Aq#|EA
Inh[7P
";hTz7L
WF"!lO
A0Nc,c
CE}y`5VVQ
o:Y[J}:&gb
4^fd;y
XtnpiwP:g
:4n-G<
Z 1lOJ
fYYzFIcH z.
z=Z$7P
zBCAfP
%JPb"I/ww(
mt@=u#M'JTI
&X^IL=v"y
[7]ra,}5U
X\534V
,GrR>8g%C8
,BD4q#x
Yi\)~U
hwqE".
n-1#2 k
_Iw3N$
5J?c] ||3VzQKe]
^uKkSd)Y/g
 Wdt'h;
x~L`MOG)A)B
336P^\1~s\G
;M'pO3
tS3%2/z~e=HW\}
O-Wg9aK
3*+&)Um
wj)WU?0 
6gWjq<".
Gz1LGtx
0`t]lb\
-%V"wz}zg|D
r\lwGF2$n
,P<`.9
/(`_s4&&4Gecs
~aw%"VO2x<#*R/t1
B|qWre(4>'
!_nY1Jg0
fa>j!?
cI6a/p
V\f-1rJA
ZZrzM_AeI8y`
Z&BR@'
OCQ%oPRmGizKTG;mt0
BrauYlP
?:kRz'R'
j#??6Zp
),)HUl
:z"[r&B$
Q\8Gwm[v2djdyB
^b*)C?K^
F1ZW_-x
KembR+
:W,Y2E_
i1!2&z
e95/W@>
00L!=W0
?Q~BUQ7ZQ
^>9]nr
[V<m`~
=_U,h`>
'HBIY$6+28)5##1OXW
l/{Fku
pioJ%JS--J
;]N%+%
i>lyS
R:'9g g
AAI<[QNDGR
C0*::}<(VKS
#n1^PT
D?9sU)
~{m5-apB\J@l
*"'p5Z[_
^}b#w[
2}F#WIa
`ua8j-
yH=1qgzl
h3YE/8
AbJk6]
pJS?9:#f/
hhrolyfRoL#R6l7~O"
FGt3pYYs
qT;UA6
t&#~HgJt(}
g~G.gY
]+R$8"{
GQqp+4sCq
))Oq([iP
`$|.w;
i^Rr~q0?
&_r70#
1 Yf`@jANqF
^&yV4uSs
;Z.23)Jy)3%]FX
m8GktKuF))d
LQe1S*|
_+p Rsd
WXU:3by
Y5{=hWtBr
;X7@ZE<(w/A
G[h#>X
i7#Ozu
pEC"\)j<9jEz
_-hRB5
>MJ#z_0>z
'MdtE5
s1\%F}-YkH}y
yX9r/z
mt?[)m
.&Mw3O
uG32f]
7z5s).
.Uh;Q]
/Tpab1
!e^D"HyR
T&'`G
3mtWpS
1A`9"2
+ZqoP*
ED`#bJ<
^;<];y
4Y =@p[&7Y
_~sw6w)~ 
)WTo!~
KX/fn()6P[\
spTW|y
M1)ADB_uf`=zi
/{v.>mN
.EyY(PP
s>9yaY7eV1
5maiy/
B2yAiZ
!Z1'_:
 274bY}D2
5M}g$O
|wu47}Y
6n+xbJ
?~|2f+#fP\`M*YE
1gN0DN
k~82E#1
f~2`HrE5-
Z YhZu>u+\2o33&H
p]HY*An
|{R_8+
qM?yk:^3:Vsw4
Y'P `L>
np49unH,
GXjqo=\E
!sT)L uP8
!@m<|@Pu9S
-bBBFU
v[ncH3
Ok#)o),|
)O2=5Y_
_~8KNWN
9Mf;H5HYTH96
"[n3xQ(*z
6@TM26Uy
D+'^w}
LlTe[k(Q@|LLk
V/V>LR
21PA;63|
Is'(Ga
+E]at
mJSjCn
Wq5qPj!
M>$n1Q
Dm\[Kqq=
={ [),-
b9nbkejx"KQ2R&Z
[W"EosjM
8bfzyT
Kb'~c#aM
Fe]:CQ
8Z!Q7c
5NTl@P3
{:AV[L\k@7
Q(gFs#j
<'r(Uh/):|^o^
'{@K G
ELwt+t%
}40%yO
iow>M|c@d
aH_uI!
?UR1f~
WlhH4#l
;eS_*c9`%
Z#A"[yU]8&
>hJ(kk
[glE_YM<[
bfE5b5
k^}ExJHM
G|H,4>H=[C2xONI
6FA3;e
`:F2=.f~
Atc5/[n
|0~PCYAq
":hDF `=Mfl_B
vg^V7vg
vzg}&+_$%m/riv6
*B~%mt2#XU(
QK/*cF
/d:1N(mi*
`G{a|$pvs6C]
kMClJ)B
dFWu%eDVd0!Oug
ES[Lmy
Fw{AUSqu,OG
-M7@;)&F
D*[g9<)NSO
uw6&/3O
VO*E'|9>
E5_(Dy
-}#K5g
.l\9XX7
"g@|(QURTEL
(hXJUPEy#[
c"$alu
TT>z&;WUl
]Sn_sm(~dcYawm
f7`7%q)Os
UEqP&|*yDQ?fu|
RplX]P
Ab4uzHnL)D
ygJF6u
GgYJ|mP
 $yERJ@k
7W@_)s
B>Qf6oeP!
5,KwA`K
nJ_[zTz,B.W s&
='G$/V3:
d:R?6<q;
|t-WOO
H_*a6d
K d{ 5wqaq/
~Aa)}]Mp|Vl
7j6~"C
'P&{w2r4
<?-?1]
%!*>(E
A# uzUG
QLm,dn~Q
S^T*Br}6O4MTP
DP?%H6m#
cf8uT>-=`
CD]] 0
BUrX6QFK6
:=jyn[X
>qFD=IL3dA
%iYr;i`U
Bh.v<cssU
R hw'U
9(P&4)v
!XNOx!M7
2QBqm]]
w3Qp*]
&sqL/R
S4W2J{;%?[9
bykTb.
2A0dY.gMmj
`H?[Zw
/tl~|x
Cq*%0Zo 8F
an CnMUY
LgP)a:
ZEGd@L#
h!U)-9
L?LY#WMZ
mr+fr~
D1:|six*
\t~M22bPGq^T
S/:s}PB7~z_
K_vPa"
x\S%+\
Z>2l&O_
[&nA7|'I
&)/ GYwKYlw
L00JU;
dA1UvY
YHa.eKnd1O9
:K|sIAo
lO=qnS
VtxhZE
>7[Y:`7
ztd>;_
RU9~:T
/w-/Cu]O2Q
YH#K=81
l:.%J*
DsjpM!.:tw6N
;\LnM>f\
8u1| ['AAG^ lG
hE-rWc%
g'CuHB
4M# ?~XC
U'x`rTH^5
q6+iiNj
pu_FoO_)Z
!2Po8C\Bz"F!\O
(yTk,9Wb\R
`W *S>
/q&!dj6
1=g|Nr
9Vm"z^Ky
p:/e)M
,@.&#aZM
"3/"t,D
/2n@"x
sVr! N
:y8j/KM}
M9+v1U%
JkZ4JmN|Ue
lM00]T2#V
LmE]_OB
2i:~x0
yDS+Kr
";!)R}N
9_/G h$ |_jU%;r
V;9=W+Ng{
/l'RoXA~js8
qgQmt HAY*)I{$xN~
H`b8UvA9
9|~6^ZMR$y
]Q| ajP
U6/]$i
%ujTBG/`P
-T2?2=ZK; GE
>8<(6ag/ImQs
j}v@h'
Lkx:X1@\
,o'd]X
Org8Ap3
/8#nQ[
j.%eDk$o
?!5@2E
C+02cd
y0Go*=&aZ0m#
q&%C0z: 
Lf#A`Pw
0HmLtm
)yOS3d-<
X`SP$^
&H&#l@t7.dl0>
.O=I:"c
562:Qq
9F<(d<
s%249XA5`;
V2^'~c
5Wq Y'
5bcl8:z
~3-[8K\$c
@[H~0 }s
R2'X]J
$53Wws
D1e*xsE1;$5BP
Y_w{!
Tg<p>T)k
gX~@3Ne
wRIJNZ
F03EtToso2{p,GHa
1wCq%iz I|
P]he{Z
*sH)c#;e>=
Z8Es0/
,zMrV!?u
k#8"="
|S'hUe4> :
KnR%1z+Qy|_g
=d"I6* r"PJ}TI
$<"@>a
ae7\nVi
_o:Z4?
VPGF%Kg`QO
VtkV!*
+}-8h,A>Q
>M'q^c_0;m
Gd9{5j
+}p=P~@
;SOjkz
iI%&eXFshLr"
F=TE%/
.5M~uU^MU$c}k
syZ_7S+eDRtz
Urq-yzffhI/
:kOn[e)
p./mj&;y
crHy<o.
6/1ba>K
I\z^4tD`"aE9L
4Smlu+B+
J%G^>/7
yu`Rv!l9;
`'q%gCZf|
?FcMq.>a.7Ob/YkA
.sP)"BwL
&s$-`N
Ay>49T
4<>kW|_Q^F>
tZ[6`L}53_
Wq Ft~
Ai(r&)!=
u%trVjc1
3E,6Q\$7
tT}"<r
=9TW +qA
'(6FB6
N#MT"z4U
U> 6IK
%leb.W
IgXuQ$OiYq
m.'UM;oKnrP]
m%=,_/0:0C
yE~& .
Dj<@DZ#
:J]Rlg{Z
T=]14!@
VkkFT
Hw>95ve
('J%<s
Sk`LbpI./i
IWWUR34~-
M4KHJH
8Hxdtne%
~srH="=g
,+%>Y ^)YS-yz+
IL#s\x k
PDYC3\
T<c-6>L"}g}
8}!9Ea
5)R&+D
&O^8A_
,^_w\+#7I7
j@y%zLI4
iT,qlK
h~53FcX/ZQycp
~|(=z|
6Y-.qW
w4w3dw
(RI{a"j,Wa
*Nrp2#rQ~U
~ZI. ?x
"?RgLFrrMtBk2u
PPSBu%q
"AfT3S
cu=c.7[n
$M?vMe
+d!Y)B
6T7Ig(
jC7;I\
 oIV!Zd
<@D5\o/
6bg9Q1z
eZC}_%
Sy5jPAww+
k8^<z4R|PQ
8,AKO,
bhnt7i(}ENj
FON}t j.Vr]
]uZ'{gJ
+X_)xUf
e'9S]xwm:
LU`]i:'
6d:Z`
050ad+
./^0VKAI
cJlc^S:
Oh,>4!
Pg[@[Y7
-A&'\6xG&
P(}%Pw
rY,Pou:)7D9;OS
{E0yLKA^7+
I,}CE|y
>2w79.}8n{/q.
 2I/|n
d':%T%m%
r2!AMg
i^Q-KB#
+&0/"7dj
a,I&e7
V)q8h9
<rlJxL
uW^,75"lQcr@u
<$L"_*
,bRl<r]xP6hu#w
3djFy\
j"r9Q)]R5g}*]
<gN"I>]g
2dH!Xt,
zd'3CIeKg
f4oR&E^
f!"M.e0!2lq_%#0/"WE%$A'h.
I>cF?,
QNH/yJF3I
[@W*%6":}
qv;8X)-1gJ(
Zv$Lq$
5P7=CQG}
n6)v -
gj/.]VV'T;G
P>P!*z
&/"21J
1a#0:e:
W6u_G*
iH kjw
2)zjMeei
?hV*Z*
:sNmW
KC`ND^jo
(BA~U/Y/
4;9fLM"KlJ
.C(X-q
.xb``|-
C)KkoG
KA?a-v
|Jza|YP.%aS
LYA8nPOmK1<=
m>x2Bei
#iRi0*
C- 47h8;
$)w:A-^
F]/Up1
\J!_*hn,+cdt!'n
-IgX,~y^
WR{=loU
1>\C7C
eN!'0"n
q|>q+6
L3I#\FI
lK;e>ls]@w9mXe>~QF
i2:IB,: 
^ynh*b
?!?P7}
H*'td"V
-_IpV;
QA-WXql
$-E!Q@
awoBr\
Vl<5@@
VJv%$(h&L-7Lc
rS<bx,U
b3DlUF yT~
|L_web`Z
|=Kmxd
srVDoRi5y%X>1p-<x7~>feH
Ni$&IdB/n:
c&"!nOk
"jEmC!
x6DIYK%+
2E"8/"K"d=hx
)X"sD:cY?
FlP-HYJ
 5%Mzb0o
TF!!HKzN'
\.EGRO
IuwJXQ
7g39|v.~G
$1P9uFFSh1w
UWVS|$
t$dD$\
T$L1;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
9s#D$H
t".)D$H)
T$8L$PL$xf
D$\l$TD$X1|$`
D$`L$D
9s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\D
*BT$t1
l$8f))
D$T&))
T$TD$PT$PL$XL$Tl$\D$\l$X1|$`
9s/D$H
9s;D$H
t$(Nt$(uL$0
T$,|$`
l$$Ml$$uP
)D$H)
$L$ d$
p4$Ft$\tYL$
9l$\w_$
BD$tIt
GPGWHU
XPTPSWXaD$j
U%z?@e`@
ADVAPI32.dll
KERNEL32.DLL
MPR.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetOpenEnumA
ShellExecuteA
EnumWindows
Y<9O_V4#
,:@>" :I
7&)"DG5D
E+4,=CJ2:$@/">?<$D
@%0?&6
/ !%.
0!&'-'
]]*-0S&
!0O h|
|(/.c;yT9'
(p&=y,\?
8\2H##
Y'K .O
%;._f*;_<
:[!>@'T
di07N?
w30{&eY<
"B0.r/
6#=x;$t*
5i%f2i
0 1h.!WNY<O
 8T2@/
*nf#H\
1!;Ni'};
`!?,U8
M}G7Ty
zCm8*$6E4
?Lu01>19&#<
;21&B[
/$1$3(
as2P?'u
1A~{2B0
Zp?2C
}a;A)c=g
'%4B>r
C/$.,#y6I
39>' U&{
1E=)0nC0$Ww
"gu=++
w50>Q0{
/eR?;c",<W2
jI,5"'
r!)/1'U&3|5X
N>UE8~0/&X
5@.4623
.{Z=l"=
/N1\l>
3'8Y5LJe
o$^'%-T~X
5&[U(*p<
,E.G2B3)E&a\
D5m1(@N
J,K,S$
$aK%0E?/N+
L/i*4d(\582?
L9{%f@5WY%S
c0n (=k
&8kH96(>Gn
eK:/T+
 ~."+1vEQL4p>.
|1v&=)N^2
]~L,q,qK4
%%qAX;4G
F/*#w"
~)Xz+}!.
7Z'f!%
!c"VL<7O'
8$).;*)
2@;)Q/
B%'w4th
Sq$n#4[?.
.[4:B5c?
kkr'*=#s8
6V0Em!j
x8Y.gw
Wf,^<Tf
6!i3};>
0'* cZ."NF?
q<+A::
/R;]W97p
L=TH-=
q!%/w*
#!{,U7
zj_-uz
!>Uc_Vz)5Pq
A?o1KA
OH"3*YI2l=
D-?&+.
r/.$7&.
C+${(Cj 5@,A
9a.8<
)ZF7$Q
>d=P?WRj
>)y8"o
8g)1;o(
2:>VFm.
aD?#/PV
;tX/=x
$5L{:j
.m|K:fR
B4Be"iG
|,'1sG
^\;M68(e
@,L%E_
s<0t(
k!7**<T
C[eC"c
s1a2Gq
w#8)t+
bPv<06&(j*
"~&Q0Og
9"?Jw8lv<+
#DN.9*
NrW3q6bs,9P
y:&d99:
s \#Mz
y,'I4'
Hj 73.}
<@e+@y
U+"Uz5-)@
4:QhC8
v7?:.q
|T#3v9'
F#n3/=
~C.-9o),7%
Yh?4$q
w$p4b 
)-tw+2u/
>'p-<13$+
$/&Sv,V@n0-
Z1KE!
4?5t<M
EQ<2*q`
[xT?rP
B7+'#.Z
GsR90><n
.g{(A/
(n@'{6
wQ6fa)=
x-5&,'iWM!],X>5|
_?)R7=p7
6y?:*]T
!j /=(
5x/zO)T
4T6OK/N,
R=4k8t
S)'ZK2o
8P$7V5&J
w+$`8GtH;B
.7N \/(
#I'+c,l
.Q1i`{=
3WV2:z
`: `2+
Ez7|!x+>VV
h3D~"}(
Q$%o+R
].92v317
7[/F=`Ip
(q7#F!O#
-#1!4F$]*")
Z:_1#+!U
"+ME8J&
Em%1$#o/
N3(q<3
L-C5Z[
V:?=a $
m28<@>fk3
+'*1EC]0>%4#!
xVL:=M9(
,+.2g}a n+>{
%QcV=T7/r?K
#=w'{
=]m$,(
v0D66t-uh&3+$
A$+x(
1?^'&6l!=oq
fI62<l4&`+0
g'4U1-SI
oZt3$$5Mh
(-%"2)+
H6[kP98Z
>h#?"
6H#{] 
|y7I9v
<21/l,
u.J5-,ir/n
c6(;:=3
+V>(=@
Y!D8$6 G$q
$NCY&
b!=_}0ll*x
w;;#m 0
c2.E=sI!f)
6<)2=:)n$w1(=
]X8x`=
i{]%Q=1H
,?:4K:~
/Q:&/+i
x;'/h!Q
2DI(#
9=mv,v*
55\8*~
al.?"!W
 L3`x?
\.-#o0
?$?j:;t
&^+~4Hu
*L,71:
 B=FOh
<p^Z.>
=?GI 4
Y H)\}
E,-D5?W
4 R<+G
&"yaR$c
R+S*?${
1MO0Z[8;rf
^B$30#
7U.eU1
E=B>W&
<i :;1=d3>|-K+2
($<*](;
{F1T>cc'xXy
Y7)8Z+vb
?(5`.}
O;'ub&\*
sja,^=
I3I?hB!
Z?3`60/V4
.|{W>/
Y8'5m)
h0r#}s;
,];lA?s
9-"7p($
}%R+N5R<9
7>0=0>?B z
'~)/#j#
!"xM>`V-,<
Vf@0-vy
f6H21+iH
u<`0C=
#e&Zz&
6Q.W3*
.96{R10Y
6$k-E>_&
h7j*>
'/#.]<
:])];v\
v4hul6
%Dnk Y{
l-c,5[<~F+
u_/#v:9J9J_=P!
O*"`:pm" 
<Y-|.J1
094**!
A+7$#5
2a8y<*8fB(Lb
7.#>9@
3x.*5S2<`/Zn
591L&ExN36
>$K+?~Y%[>
 Wt-*i
(I.2:Nn!
:p!fT6
FC%*l
}"Rd<51<
y>!#8.
r%J<*2q
&29445!G
!/Z%JO
&m*YD4U/\
d%,(&M>V1K
|'V`A;
d#P@v
Z3`6KW
7$mN5Zi
Y'e9:
K<d=I>
@U,@8a
#52n5[
""&Z90c
][]*R%
4Y5D4>/07.:[93
"?$}(
03}~e>-12
Oli&z/
.$y)m7#
(&&?3A)!!
D6>6C3.
r]6w\+
7-TN<Ka8jW3
Ej'/8p$
}+sM=<<
:h:)#+1m<
QZ17vST
?!1))x
Dw-")3",
Y/L!!
&?}J8`i4
t%z;s hDS
(Y&(2(+
'K.V42o6(6
)'2'Q+a[5^8\:
73d4tF
G9L=!SP`
@P;#)y;BcK
;X nR
V6rJ>IA
,E26IP
{,4{U+|p
0nK.K&l
*:u46Z/
-p!1w- 
/rZ'vP R
>q3L1y
9nV6{'
U2DBN2q
!"47<=
B9--Z
y`F$/h
-,V1hs1h
-0E%O]+X
2\u<V-&
Pq3aDd
Nt7#o6
=Vo7t"&k%L
^}'3c8@D
3+_",S8 D0
;)L(^:c
17x2*!e
E\9(]X"
%$5< Wx
a9a;{O
j8:R*T
?w-{$,
>)q?xz
>m^/1F+
vM.)6<p
?O7f<J
9(Nc*Yh
"y\9=
z*&v,-
N,oj!L
0''r$#_#/Z
*=K)Q2J1
j:E!E"
;IbZ1?
82@#?C3
1/i}c
R-[3d
kH!,_<wI
'x]=lu
2<=,;Ft8-dE*R-
|"\-/
4,5?N<Y1=;m
@7Uy)
2671A#[+
?9$.[8
L#+C-;\Nw
H&+`*Z0'86\
vy<xU4EN
!$B=$3
&$7,&;%n'
Q.R.-8,,
9@2* 
%!};H'~
9ib$h*`c>
gA/Jzc:
Ju?&`$Z)\cL
%(MI'x-_UX*uc`
Rc .?!o
>-3v,VN$
+\?Pa$1
7$>a;8L/m
Y<KK+Z,
#j(&,y;#]')K~8@3G8
`k=^d[
g02:ka,
<'!2r:G
E<{p(8
m5W;, 0D
,vD;>]q>2rG 
~>Z45n
c:11l>
&7=y1o~
LfY:aK2
!Ct:Hq
+3'>+?!K\d$
-Asb)t
&(?b.<Y
7|80!<
g.((N`
/[O?@(=7"
=4>e2(qE
;W|<H,:+:
,\Y) ^
)#F+{,<P
?*9vAR9@2<
U8b:~4"@;
]I1h|)
)#6X)K
!wA3SW,c;#
*.8OSf4
<`3?/2/
9y"-b:
@}&3(0^H
%rf&Hn
-p>=Bq
AI5\2;
s$H8<x
<Y!a$(
%[$u)Ql
:l )6%EL
]#T3|t
:S=4%,i?
(R9q*1
|)z&9]
>/8$)Ne
$9$7Dz
#2z9X.m/uG$2*
X<YU[9M+
7|!&'1
LX3JaK
H!O8<+\C
)fQ-H@1|X
g%1$c|6
.?,$K~
44!*(2S&!e
3&.{6+f
.0E2+01.
1265<.: 
;V9$l2
4T5F+?Q
+1*T\+9m_;J
r-uG%'
3AD/VBv
oa2)*0(
(@),K>tA
'QK~*"
z4y7B:]
1D!99w:oC
v8&Y.Q
@F1z@}
bH&22N
n.oU#I[
Z2>;B&L!C8
ma?1%']?%P-^h
f0k17*
.3s7:0a&E$4
K`76k'|
,g51<\6
297iZ;(r
%u"#`,
42%L+#
_<}[=e{
32&-! g
v>qqe3
R)NKK9
w1zM*e7D8v
|)fz(] #u5
9Y-F|.54(
?9>e'$
#C)p3u"''g
3S:\04
6Y)E,n
['4y{3}P
|6c?J
bE$6q!]/3">-
Qi<<:q9
2;<!w:
9H'XB=0O
-f?zZ=
e4u2J
C;+90b
;S;^'9
Sk;BR.97
# )1"s>+E >v*
9=G 'N!
8_6[5}&=E
./:il(
;=M%JQ9emh&
8> <6w
jM] D/y
?v/>1Y
g<QF/6!7"
G#wX5W':
Z#,\!5,D
i4h'qq
RZ!)pxu
(&XG5v
wn/1i)! F8
1\=u+*`%^-
M4AR+zg
E)$`+LV;
)5H%#u
5{4i=rfk
/;$A181>E
7<I"")')
d[12G!
7T6:1m9B
-n$WC.
"R1'0
\-}\"|`R
566Dv?Q?
9<`J.8e0#>Y
0/O:g
3+\ N/
$`2s'-y
a0$n*<%5rS+2
B$..A"
.*;-0G
q<oV'r
|l0Z!q7ks
-c";>(,w
T+u-5,
Ge)/i~
ct;!8pBz
"Ef?+>
Bl?*$5o g)8
v)Z;o>
=`oR2q
|7/)
d2U3&l;="}
,{2!?^
XQ<SO>
!Nt5_
A$.j.2
-8/'P:j2L;
(MC<r@_
$2%:(/!)
l07Eq=
f9Ku+@5
G#<tJ0
-5eXI$8
!*a"? ?
=XO!x({O-
f^6s5;<Em1
z:!#=/8J(n
5FP;&j
S/;'kk!
?6*7]J
~P 5o-
f5O|+GB(R&XVM
VW%Uwb
$>$89S
<#;c;Y8
;V2^#3%8
.'{&CB(
kj"(#)
g)S81N-
?8 +,*
2.8n>80
{k+j?]
k%7:8m
nh/vh%m_(=+&
|9MC9J
{#i8bj Oc
/X[>9 
<8$&`1
H;Muf?^
)!Zu5>?.i
6"1U#9&
+'}z$r
4%t,;7''S`4sj+
cui"f[:7p
:{<%K'
kl#0x9s
+0<(h!
8E493Q
wh>>c*
%*O2A?pq,
jN:8h;F
V"0| "/6
\-P"/v 
&x7r\9
z]#yn
!z+~#X
X`M.-;"b
?FL29`
JcD"$L6l:
B`23sF4r
"y,ZUE
@*;99%&*%[
.B1IiU
m);%6~
m+%S:#fj
s9nX0n*
3)iz<&gy
c%F#>{#
=Q<o)i?$F
6kW4,Z',v
>-H>|I
}&-3*`
:08l)?_V
K.+/J
3zc(y9
(|?~3=&
GQ)Y<#
2mB-7[lB
^(IR.r
#*Bh<B%190m
;1x>jq5G'0;"sp
+*'%6{
:T=.=& ?$g/->O
W'+p;D
]O)x%<
hcr,5:
y3='PX
(!<#;?@>
t&U[.`(
)48:y*V3_
9;H-8J-
b-Q9oL
8;'01+=Cf3
+)$2m[
z9~;t70(c
.:n8gr2f
s!:ly)i
ej=](?ph
hx;Rg.T'
F^>8=6
"S+g.l9
*9p&4:*-
 P?+1?
Y;Xo5x
<oq-0
La3]?R
*/+K[8J53"!S#a)o.'tj#
:9?45=
&6.7w.
=^4<)M
(|@8{n
g3{?'",Y
o('*g1
S0w::y6^,
x*0R/=
!6O1Df|
V*-C$4"
J!}K-A
>&}Y1y
G5+)e%*){7rz
@)Kl1\
.U eC+l
J3b4 Z7
g6d}(P1LF8
+8mg+1>v2
"&G*J#
{Q,+x_;s7
T/R=nl4
.|d357w
8|m0-#7`- B
2`C+?%0tQ$F
1q]30]*" 
Yp3Z*,_'C':
K~Xy)
&:3sQ\
9;/.2*3aa
N%64E"
mL,UW1c
0s4#!#g3+*
id(!e 
?>*6oY7S!
^:;8b,+d4
G+\>nI-5<
C6X'i1
Q8?9;j
{#:;Q 
U15pQ2&!
~8a*9f
V6`[F
(}'Y6J1
 !S%$|?
)aJ69?
.o{1%38H&
 .M2+Bn
t?b7(Cf6
"#6lk
G,29<:J
9n&Z<e
>.0p3(Kh5]*xi>L
p4B%Q2 
#V,`"L
(qqB?
.+D(%q
,*Q(q8
&oq\7V
>"t57m
N#b!lv''
J~u0M=/
/$b2M#+-)
Z0~$'5P6BG<
_8l!3J"
L5m';4
<t>6I(%.8%J?
cL$[R>
>3^7a3
%CWm*d;G-# C
0)5*"fC
id.O1WO
?#5:$w
u4y|\}7"`#p
~59F%,F
1y2 $zd
>6uZ,i05
%.Uq.J>
7Q[)IJ
z99~5
&q8A+)
;/%PL(K
T<D#dR
=/l7I1
&9E[&@0}
b18j6(
9N j:$b
]>0?"a#i*
$*211~
D) 9#`+
p3l7<n[
/, ;-'Mo8
@ak+R*R(!c;^<
"o)/+g=
ZJ#SJ/%A1**L
'779C9?
,F!<A<$
j:k+X46c'
e'):sy-
/1*6[<
4P1I:O
(i+b/wa
O+!pc$
F(lZ;b
1M2z*62n7s
}:>X7-}
.!23yQ(E
oT6q?+u;P1
P54W5Ay&
rI>6%?
4a}+LG&@
A'',8@
o!Z#K?*
C*n2.Q"f5t
-'S{8h
q=k#<$<IP*H
4G02"fz@1
( =T3R*q!=w
&1916`%
{76"o2Q=
x}0w"K'T*&5$X
<&7,Z~
8!B]?v
6(KA>v/3x'`u
/'hz-[5
5XC"!}e
![>&=+
*[4:;ME+/
c4.H-o%
r=7'9>
O)5;r6:%%
*1:%=9L<7
3cX'}>6]Q$6#
@N$G1+BO|
e8":>j4kM<,
V<[1RH
WS2!04
w8+"d
;#m_<s8
Vu9p-t
9jR,~K,3:
2H#q|'
,}6u6PB,
O0:y\~
&ew;AK
4^V3R4
?Vv4b+
r#+[(6=
X=DU!a
H;G2J5,
7<*d?),5B|+#
6Z3;Z4mU
**~!f
%;N;>\
-h',V+
g?$dgg
z,525>
a@"\\6A+,2&I$u
<H\7o74*
>a?:%4
BN'K8s;a-&"e;
7*""*1O
7R(,T\
O'eX2(.,1dr+
Q#we3<V
)n1D$Y
$GcS)?
I%F //P?DxK5
{C!2"!2u
B*\M)_$4i
8:!oE
%]5  Uc+H![1gd:$$A
B$4=:j,
&D<r6S?<v
di6)>z
  $w&~=
1a-jQ 
$ (sB6
Jn%0c+
J*'T<>
&F]2Qz p\
,/|o.8,%e+7Te.#
yc.vs,
%]'  B
L:b:}4
b9L;v95R
BJ.zk.
W9D/>),|I-NIg8_:
-t:X(!!
U)r>?0
 oy7l5
Yc*a{7A4C
g/tD%@.Z(3
U8.2#I
r)'=#B
+;xy=@?
/*< m6$A,%LC3&?^D?
!wK:G5,0
;(+{L\
1:1g=k"
H(90[/
))Ip48
ah)&/19,UQ88
KU!F'(4j
7)4AY(\k
&{<&Yf9
u""um<
*M"W6vS)@;ml
85+^#^-Q
;I&&T2 
m"#}5B0p
w).4+y/
33$1E|
'?`;[+"
|1-rQ,
F2:Qi0
f|&d8T4dU'Z%h
h1K8.)-%#;)
*%)P"d;-Y=+7>82r
UP'0-I
"##Y36N
$;5[?TO(
5;p&#Q
vM%;V9DO+:RI+<((-
O.hn+jO
.7_6!'$b
r!V)49
o9-,i'UM58
T.W2y>
8Hph134,
=VB:"B]c
(#+x6d-aM
f![|w$*e
.mz25p6G7
=L>76K*2,g?\
{;dp4QuQ-jn
WS-.5> 
42V7:/
qrM="v
p)a>/A
'! =?l4
:!!8?P8PY
VV&5S*
.(y)[=3
KZ(M;Cu
'(0@.@?w
Z?.+^,*2G
cFH5j
S%%D@?
<~92kD
e"j88"
"?R,11
^-J+"#U
v0d*FQ"
HF),T)f
:<*./uA4
n-5-bxD
X9pN4
&?1H0
,b3}[30
_ut:&$Q&V
M.u,B>0
\<rya+4
1-,$-l)+
-H?!Mi
$DGsj1
G906EQ2
S4;)<8/. /+~2
OOI3[-0\
(47k.*
W[4.$I9
$V086gA]
^!!T.u
ww' %,5
.h= 9l7`!2
F+OR::b7F$
r*;(3z$j
(~<U]z#=.g
8S>+:4
,'%:5';*2t/:
r3X"P;3GT(r
4)tl-H
7[o@x
.%%/<"K|F
/9)*0;
$G:J8"
:V/nt+#0
k.h<}
0]j)~a
?XK#$ Os>z
_7)?l3M" Dk
jj:V5-
>Ll;j+^>-'CI
8/ )} $
83c rx-
fZ+E,6?<W
[d%$l9
/i_%,<=K29
7]6D!{2+-7
dD<=8z
 #$c-KB3k?
u7 *|"05/
.P.gCn>T
n. $1
X:5jM5
?#2D 
x8]C/1z
*hG8YuT
$'%=K+h
4\M2%4X7U7
u _i#w"
X(*l!oe
T"x}Q72<c.
 re"K=5
1t*/$B
HI0$(Lo:Cv6
6<+#mO
<#'ER:
#7('Q5
6K!5/ i2G<
t"*0S#c
$!RFr-J%f]
l~z(/>D-N&p(
Q9%$\Nl
Y>3`1*>P1N1
q?}p#Mk
]{:\WK"y
M7PL-t8'E
3Z <&Z:#*
>)k%a;=
0"mht
+a.])d}
3;E<#.{
].&II7H
Cg"Bk8N+<g
,c8d}%'Qk
.{:6|61#0
Q):}5=!9>
?FI%tx/F
?1bO;Ew&1
D a=2d3O
4o"%\l
-%}o/Z$3
[,!<* /CX#6@
dS):T
k#?;c~c
x5gE<c:D
ek0^-T/(
4*n=,$8D
;,R:/;
T=C7v
9O(P1}q'
58R u,
?wc-q.Y!
G/'gX4u>7&a
>n62V1
;8]7a
}!E-(]"G?
;/{vZ+s
j m%i(
)(jx+kB-'4
4>U""]
`&$9h()"/Q/~|3?X
yZr.;YS
od5J5B8
M%PI7_
G>NHr#
;H]H<-
`N=[4Q>
@VM";s>
"% 6.S48'^O&&Q
k~(87"6fJ<
)n&<&N-S90
2IS;Yo ^i<2: '$
R!% E6
8nj>st
*G7i:6G@ ("45
3160{#[9 
i7:f$4p
3`05":
O+U0j$p
/}-2}#
9l1Y)?
4_}+NC
2++.G2
2(o+D!~
U)j)yh
c9#<M1/&x9
+)f:24
C+p=@*w
8t"%h=(
7716B!agh
)k]!(I
K)40>c5[e3E;
96-'I6<Z4%
O2W;[@5!>gI
GA&N)sj
"Gy4.%:
M<6-Q- ,QM:?i
0,)1nG-e.
1C$amxRS
lv)9;N
U7k=MJ*_
`r/}|'45@:
u(he9;
5c)VS~
'%=A::
F*^*E G
9I>cBi?x1ke
0"q?:{*
8V>?xQ
<P.GBJ,
n=7Zb&+*8
YN<\ t)
>v=7pF
DH1G:j7e
b7n$!f$6
/#]2i6,,1y;
;H?q5S;~
<c4s+N_
[D<B,J
-X(X/#wm
)u @E\
+T:,6H%
#7ct"$?
By!/)z
.6*1D)0N_
x\$8exh$d
u>RA8\
'gKR1T^1]
$co#:"X' K
N7q^7:
pGG6N<
856X+]
 /%9u9
g-2o$y~
2_2?0!d
A<LX);=
wU.q&J*313f
`./C`(.<K&5($tD.
1[.*84X',^U;
GD6t'L/<z
]*8`M?s
3p2eq{
y.|A!d9
"#=;R]$@9!h2(:
.&B.6Q
;h4`:]
)z;M6/
U8} ;Z*
Y\!`Y[+\9
q(,O9X&!g02n
>B-J"5P
.Zh';&
UP!t61SY
!,63'M$
5~!Wr*,z<.H6
%L5*07
5BC"E`
`ps.;8
,v=K)(
 Jj)Fj
9T,<0n5
a;9D2p:
4*e6|T
8/h!..
b)G}3C3:
$5~**&`)
05:W!pa>9
-~1G;U
D}!s2!
,VG !o*
=$L93\7@4_,+n2
"#$M.2P4
I:y=B"
~,tK''8j2
{ D.%c
k2d'&!Dg
Q4i{9<.w$=
6,(jU,1o
n3/ ;x
W6Q\$4
(M72v]
<)xK19g
T7,66=])
n(g-`?5s}
A+'zUe
.q;-FU-?
98:4cP%-J
Vh,yY1
E;FL$V
ll-H<_ n
d1#;?4$
'v"t 5
6(3cw-$)]".^n
S+rt=;*
11+fu#?B-6;KYd$Y}
0T GG,5*5'
16#sE0<9
wy:#,O
gO$5,=.(22|
H;3=* 
:)43"FM7:
2<Ro%
m/xp5N
n+.+?b
'U{8`7
30f7\>2u
d;Kj=$H
vP/N08t[
&*Hs*1
?XO ,2W
).l?ls
q+</ K
9:v3/[8
_-zoM>
A"2\S 
zd04MI
@'L6+!
8/K{BZ-Y8V{
rn?eNv
084;+m!{
F2];1;6
Rj:_>R
=T~D2/d
ys$)*r*(
qT!j"s
 )x&/&1F^
9B8[&.M
#;D<Ys0NZ?0
J7[;!>R>&
9LV!%'G
y4%>4
{>v<fk
c4"$M:G
?m-8~Z3[
>G;WM:Ts
,.0>(a
P =+l/
.w.jd p(E#:
#F,v(/
ci&q}d
25W~)o)8
@zx;NG!}
2m*- ?475_G
5UY#M+!=PX
E3O)`7
 #P0&9r
4a2#J=
07""+5~
m/3,-oO3%w
6q5K0:8
0L+)W.e\
_S <4!
Y6Ei7t?i
<'%%1<
&GK$,<&0:3
R59c;`
i-'9{
Th<=@m5
?!E+9$h
`\?/h/
E1U_7X
#O."O;F!zO4
#p%be-
"!\W;P
./p(oO
ajs:^=
*6o8[!*J;)7.
*>W.{!R
P4"00
><"M'D
9f&3i)2
 A,j=y
)>&=7D%
l-}O&~"I
$5?}*F
bre+O;z
-1i)`-9
9]B&W|&#q
2$Q(5Z2
?EU+\c
/&oL4
8P4?P"
&TV!u+.Y>S
k){ f7(5
^H,aSo?
K.5d<eS
C<1e28
;*{v3x*i
6ASt-&
0@=w"*
GML;B;(
:M:%|>JZ
39{0<y"B6
) .T,a
g1-T5>O.o>$7
#!v>;M/
~-l ]B)jV<=-
Ot%/d&9f<~
/#RH?F
q>A[4a
+>S(u0
BhL,Ch**`5S9*/+
y!h4@\,$)(y)&
7()-k;f0
A C+k ,!o
Z% c,[
sgT%8H
8,>Ej5
L/*~4'8$4(,K
2^+R%1.6
8S~;e+u 
5-?9``7`W
 k#UC0~
5w9X-L5
D*/Km7
o=#J;P8_"
H"2A00\B
)'P%tz
-9CY-+#
\*2,T)m*,&`3
o&>%B
>]j07q
H6CT<-'J
D 1B9m=<i
n]t/;>%
U)*{a4x
\'R];4
j(&0+.
l,E;5t
?hI Yl
U%<1%2
7e.DD
.L4{<e+
NF?`H3Y)
\c5u- 
&/8PX,t=
!Zw=E#&x+;/&
K)u0mCE
875cp+0$
/K'%CJ8P(F"V
0<p8LT";
r{(W24
"><vw2#Bf?-("b;>F7=B!
GP2#n%e
l.z |<
%U,5 ,
+ph( S
wB/n:->'
:t>57'>
qsY9X7
OI#b&5N5-'P|
0"~=(3u
;m\$z7
szs0fc8
:GQ\%eH$)C
4`7E?#8!m2
d.i%77
6P*}\>
=k:D5km)
>_8n|3T&,9
R7v0gYI
0{&<#
X<^,<2N,
t=l5)0(~<Oj
MZU&{96
C,v$@;%e9t'
%^6H7D
 7'009
Q8l"j mu
GRJ'S,
u/%)L))
(|!RA
["v8":1.'x'Z;=(jWC
`t;"F9C.F
*QHH7c/
/s)5%T4?Bj
J")o:\%?
u/Dc-[109-
5@&hK'Un
!-xC"
uM? 3_O
K%&=oW
3|)BI*{\:@6
Nr&.;S.
fQ1E1:r6)U
t_=9g[
*_7ue)"GS8
p"=:)R
,'^!h?
|z=+5X1(<};3d!
x:=7- w2s!
!Xs:N2;q1b-
m+4T%YM
G"\: q(`1
'3A*/!
/)H,aB
8A=8@:
:^Y"T!+
86GTr*Y
P&_0'-<
k V4*9j9,`
!k6C)#;,s6
:<R~4)=a<
ak3i@$
x1S!_a8<
%-$b;`
_;Jj$yc>
=PJCU
&(oE$M&
\O5-&9#a(
"8#i(?K;c
:)g)r?$M%c(Ya<a^
s>*=.tH
S3nm5J60
8X0i_&
O-U7"2!$
=(X;5=H
R[&k,j
uQ-v&<
do;XA?
-1Y21/$q@
2#D{:f<X
!*]*J +~[
F6!--3 
NFg.,(Fs?
M&H5i::
L/+~4&=KXl
*8{9;i
4LR+)pq
5?S:db=I
.Qp+iR-5
e\'ZY+C
7GV,RX
.6I"i9%
Dc$W5Q~/vm1[
1'Fw0`@
&<"qi^3
(/S?3>N
UR)=z%f
$V+u12
w0\y{+X
'_k:rdS
@v=4*V
tpf(am!S&c
-|%I<=02
O)jXh:wF?4
M/x~0k
."9,(3i[V
+S5&2g
:1]n-#x%
:{V3O0"
8,) ~4 
:=%_) 
\-_4L<*
y2Y3\<=<.d+
Ya5[ 3
997(.:v
IYq'RB
*L,D;8&
Z<o|_3T
!c8H'Kz
3t}(_((E:t
W:n?7N
('1L*Q
7%Q>5s
OQR?~Q
7J62*45f+
2c25u"
<f1_@%_j
y*R+AJ9=H8
P7C:Zl
.> @s
)@tZ)!%<
~=GY<.-5a?/Li6
8I)'a'
8M2[>P"
Ks80+76)ci
1z=6P,ga
 y4Q;j"
<);83]+vz
11,`bf%Or
c:=*b;#!:
3--(,P9|4
5M"J)V
!H!Xd U}
):_x#g:
63*q8r+W7Y
=H_b8m=$>*a(
:K(2^A_?
3gj5't;<-E;.
F_/<H1
E04|"#2
p Y2/*l
1U:h6I=
iv& %E
,4?c#:I
x;3'/5
$0`;W5"
^8h"\%
&\<o_6^:#
52=&Z)!K
!{&$7C5<
Ej&N$>
#$>l$"#6#C
=sd+,1
w$3&{g*
xP0{R%<
"3P]7 |
.2v~\2-98:
m)q6<FE
-!0|"Z
_:4+?_
,/x$`&Q9
|)$lI#
"&g8R+
'v"t>;Oa>H1
N/LP7\
,]/G\-
7t>0")
"f :K-q
8a"h%!
":O%F&{#+
W>?70+
g0<rv;wN<
,H)IOL
18!>/D
4U4jYa)S
w773\/
n#jk*m"%.*{
p$<q_s3h;Q
|N,xYW
=091#v{
:1:+l}
 IJ!?[
?!)3;}[
`0Y^w?V
;m}54q2).o3
A'Pr5Z7
E7/0JS?
m]-&$R<
~=+uk'M3}
}+,%6)2
*.\7/#"L%u9aM,
Z*i1N9E
\r5'e&60
a63z:*l3{/dN9a/z
t.9}8]
d3ge#n!0?
x15=2,)
1b1(#R7F"!
)hX+]=
p/|L "2
7J;}+}8!
W76OV!
9.e',V6Xx.?
a-#b*HsQ?
=2&{CxA#^ ;9
$T$)i pi
8Ia[0B8'.
8=2g+W'L
"G^*,0"
1v9* (4
1'=)(C.>aM f
N/,/K2
-Rh2xc
?%Q42R"
w-6O3~
Z2:*6;'#
~A=9?8
q;'*-+
?)&Y2u-
0f#c1Y
^R:9&+=
W.J!;G
y1i<]9E
2V|v)+854
M/Lr[$
+'gG9*mj
;6:o<t
O%0ZV<{%8I8'(
 W%;xb=Q2
Y<jf;k[.
Z|"_n)vr4H
1q-pS+w6
9:h{!-
R)?x$`@k
KA$--7z@*5
1YL5(@
G\<a'
,<!=P!2+T>
^$CZ!=}>'
'By)aY
L#%~.@
:'3*$@*q%#.*6~\
ZG87B4
!6:WBP;
f/G`)*:
c9o4N(
e;(OR6
b1:Dd%
#=(=/2
uf.HE7r(
+.0eW#jP9q
 '?Y>~9x6/
d-!-Q!N
.OY#,NE5
&@]3ms
+'m!o!
1a%?5-c
J?x?%<2d"&k}b8
7? s;]y3"
9c 0m9vl
/O9>/!
>T3x*,6YK
,:Q'!zr:VJ9?:C(
`6)c!K<9-
8JoOz:40!
&*)M>5
tw4!C<
7/:M*>:fd
z8GbJ&
EH+s#W!+!
H1s;v tc
'dW#e6(
-=?-) B
P?30|5?
<Ua=8o
1\u3q?2
;;)B25
PM -x:
#!g81yU
$/?K5:
$s6I!W
5r(>*0
>Gc<4<
-[hi,F
j:gk&x
"I1EN;y0
/y8l35}
9<%]+
}Nq:Ol
%OS)(+
1\a:-*
64@;aB!
<V2qa4u.
8L0+l0
E:M.Z{=KF
 cD2!A=[#fO
sQ'rm#z
)%sN'dc
z)M9+{
0SK5P1(c_
^_%So.:x0%
Q*v-|_4
S>,X"@+>'8
pLh*6,n~Z
hh&e*S5q.
M4\U69
NX7}/T
)3bM'x
Upc>l%.oo 
V:~T'uO
\&8)*&
LK#A6*$I"
<H'+.z?
*P!!a+=(v3
H%'m:rZ
av3KW=#
fi.~).
Gel?a9
*;C.sN
6#gmC6G?I 
(>*K8|
=J")2]
)5Z#W1#D
g$z`&_&
J}<!1XN
MN>5oJt
^=-66L
b1^73r
=5.!9Kh7
I74 >a
E,6?,?8s<
>d+6#\
O<(]*e,03i|
*j[7{MA
 )T?V.
L9?#"9=w
%67VH6
9'R(N%
.,=)5!
6aE-::
h^Q?/cT
}YM/k(9f
?=1PdE
3b-n?Nsu
T4!6.`C
^:/MI#F
Lw*??.)8
}q./U$@yg
?t=/mV'a
<l+'o#)82S
cx1B %^$+c2*E =
a -!+[
 '<e|$
!]9I25
p{ wR_
"b"Q%!2T4
e}"a"z8
PI5/k"
<X8_Dr#c5O@L
%2F=m&*
H%8u**9+oI
-3{0%^4;
.&+LLFT5
ktm&n6E
`'T?<Z%FY
b-2" >
,7<eu.
=U8(w/]hM
~;-[(|3J
T) &Q!p
15Iu95
~!q+xa
J+"Oa)6?
b^T=:7d8"H#&
4W.W-3*+A*#5
0-T$V^
'#/-;K7^t,
"H4/o-
h,X.=)/01.87ID
dG"cy;1B'<W@
(6P7en
F0Lt2
*gq5*c?
Q6pEz!Qw-n&
67?);&6|#
0$Bqt7N&
\+C9:%9b
X>)Y.J%
3w!R_'
)$>'$RT
<77A9t
BT(cb7*<
j%w&4 =13
vQ6 +n)N_8
)l#m),8<
<+86/_g
9VX/GQ<b
3( 0&z
%B18n/
#9+C
80MKtZV#
 Z)Gk\
''S"B0>
-598E29
w5lk ?3
J.j!,C
qs3'/=
.  21>Q/
(FX(l8
vN>1#Fx
|r ];|5
O;NDK'u5D-
_?NE;o|*r-
*44L&A
*H+[A#Z'
5>[{205
#B0)c= <
[3O;$&@o>k*
g+T$1"!6j
R)IQ(x_+
6,:pt,=
?9>`!Q
Ka(9=&7.
#N$/)6
.$?U95
:F<O</
1T&13J1:/
_) "Xd!
}k+49-'b
6e`'r0A~/VR]!
"'u0?Zpa1+7B
 :1)?}/
as,=.,
<:.0I!7
g8@WA%#
w1{<7eR
Gm"T$I
nCr617>
`i>)'|b
.1U3h&(1,!4
=& ]4b
jk+})9
9zPA!?
l"+l>//z
46d(Y.!
!oR)!F["=*
uPR"$&
~-%-.(#)HZ;2*r,SYP$L
J<[=*p(Ey
lu% (eK
Gn*>f<
T]+&S?Q
:2*L3")5
--e/5[-##=k
w43sC
2/k>49+2%:f7
Np%T8bl
\ -~&P
XL6O'y
.!"`k%'ym \q%7(-
C83))J
G?g B52Cy{
r%(th)*
#"&n7S{ 8;&
#K;tE'W
s846)Em/'kk<
B9Iz1&
~y$i36<8
n#a+jc4/u&x8+6(
!^;vB-w
A%(Z.
p0+|0Rh
?-K050#T1]W(
:q"'D5
c6(qj&0
!3<Uc?zj
!l3J`<
""YI;2Q
1#T+Pq$
%>/Bb
a.!.A98<6)Z
7Rp,@F-J
8[;.$#)+
<(&t 8I:OC&s
T-$P*Rj('
/#f%i<#
[5n($|[/
*P"oB7
 Oi8`I
4@5A"[)}>iC?6yS 
tR>jv+B%C[]!VF$a
E_ rvE
:2K2WB%Y2{H
fwb1v.
x+bj5O
n!B3z7gy& #
V`.36]
}=>K?>
#,3|.w#
-U(?Ja
<J?(Ub
-),3#$
y'\DO6
#F&-0oc<
Mz((&f 
u4!}&,2+
t=j.;1'
3P;3)l-T
GrJ)*y
PN$h3mF;t
+ *K4?@
3nbW5x
iN}6^.
<@!1?,))sK
e/h:d8w
}=F="9"
"D$F#p
q.wg;-#
0"U#L
Cg5xj(t1|+
5?G3f8?+5
 =O!4
P +'<k."O
mK6Z S!
5aG/%X5E3I
fc0+*&bT
 h7s|/.
KE!dk&{:v
c*$/h!
SNP&D1J
Gs|3,3=(*j8#<nq0
w'8$G0QR
dj3/(>7*]7
v6T(F<]!n*
#]'TL
%l *9<
56-57:;@ 
q?t?B:X
`$v y.q
4%HaL8e
V3_n5$dN%+|"
,&9A]1
<LH82`=?@
?05k@H
3[C$fr57V58Pv"
#j2r,n?
,@>"x6s
":H<QP$
w'/1C2v3:u
,2V0.{(
lu&k/!
 )_1!+4
s;ME7^;+
EG)H&4A@
BC<=@,
T"Gu,7|3CQ
D:I.<%})0
g}/C&EC7.
?dF(~%xV
fk5>;j^6
hi7<o;':Z
)x="\$%A+,
`n%5!;V
u.6b'|
-Sc6P'*
f2Cs%N2
JsL9+m
25/x-4n
4Bp:7.3
.;Jx)@$.6Gv
i2?"j<
c6t'0m
;!8ZU%ir
8j++c3
!\x6uv
:b0_N;
pfs=4o9
1:[u,
-l.NC3-
uQ6+46`k&]
+Mws!$
6/%#3w=f
K2Gw9^
c?P=;g .
;*S8E5
W'%~2"
m"=Qi'
#3ja,1H$
Re41i{ 'L
,?s&w^
2%B(!)
D/I3`Z
8*X^:Y4N7
\6Y-u~(
);+@:./K
3%7).'
IKO;o3%N',W
 !.Q^1"c
5qo \*
!@I0h8
v'73^ i
/65*F1
4=_!S+JZ 
)?\C9Ua
u0s^3lK
>>Q#Ajf?@
723t'C
?)mD^);)8
'9Lq1K6^DV
5o71U9B+
B6*?;4St. 
Gy;f_H
e(R?1e@
}"-F'\h
w:D?/V
x*4y3;5
z+3.H18Pc
8bR]-
54!,1
&E"&?;
B$@/ ]0
to;jy0l
%4^2&'
.eS$S^
"c'1P-M
I]>?|>m]_?Z
B5).-(Q
WV H*C.
i-,>\/0
x.(0~1(J.
U&v!+?3d"
`''2?D7
9;'p3\(
/t'ls")!
:'$]2u5p
C$t'[y*@]
",/>r1E
%a1BQ
-;v;:[
d$a&e4
7&r8mv+we&/f
(1k7g6*
:)j,A'
?0&G$:
!v>TXt
 c!0OW?D`%%nY
N4,g*qV3<
S-G:)+q
8***h$
5@#232O(`L
-)b5v
4j537]=
=u,un1Ln:MtB2
;o;8o!
m=r03'<tY<S
%m#HW
"1Io2Z ;#f8#cT
V3EX:
EU5{C%6d
6|*.7^}
)R?$*Q
|Wj/]\
b6<TM3;1
3/9P+}/
O.2b"0
NqQ&e;
+o.:\
,b5(_%)"%
u4@&Ht
$Aj)m:
8w3G}<
kY&16y0
"u>+7!Z@
?IR>/{
,=,W%7%r
!w/kTB$
"(2rw.
qD($5C
"w1N%)b0}X
G>|(F>(
F(;P2
*~.5e710/
:v%_N:z 
J7!8bi
h#V;#R
&'M%@L+E
7(3G~*
7Si$81*0^U!c
)J:N=I
R7UH.j/
/h6P9"8<
s%4 ")=~8N
4<QTa9|)w%
4.f*uv$
4/{;(}/
"qt;@5
H)&>Q1o
b=3#1'
f|!SN)&
([Df+x
 {N091+N
9w>6868G
>j``!i
(I-39&k{
N3Q&3|
1"5$ $2/
%%-p>7<
=7J-uR(%Ju
4p<0_\=
7M<*P=-M0
;v4\w/j
LDj0A8&b:
4t-8&l^
';3*$0
[;?8`5#d
;+,c:&f2
#dU*Ev:
M:<f9=
\!!1Y#n:4Wb
eE>R:,}%=
;q#A3>*/6
2rB9Fy
-pX.E\
:= "?y<h
5]B3"e2wr: 
X'T[+
"$$I;Y
%9U) *-
,u">yz
.0$oEY=
2kf(Qb:b
**Mq*)#Q%p
.pJ;Ck
!Aq.(X$ Pe
x3,3*$
s'el5fG.
4.d>a6/k
+1\%(4
JS$w3n)uc6
qL]>%+=
%!6'e{Ue2o
v>y,U:J
j4]/+Y%
O L/#F_';6
}3V>+j=64
;U,)$J
a*kK:P*
2C\#=@&2(8,
>.Mb? 2
*tf&S-
ndP1s[
0$Wx,xu&7[;Q
d!+jy*1
2!(y?5
QW6"%'
_B9b7
?ZL3OC8
6NW(D
b!J\"_
+ay)x$#+
uy!*A/
$M7&23/Bl
7Y9r )m>)>2
:c5.*#G6Zw
8!}'"O
)gr,;9s
X,!d0i
817A;;8
RE'=0% 
=_-W%o)d,
l&h>""
v{+h6
F0R+/-2
6zn%O
 lp59G
3#4DN4d
"<~*o(
/)!#(8
f~=EZ\
(+kPA*
)$ja&IY
0 4J1)<>
;p42TQ
;=]$)>&:
V575A6a
9??~M8#/A]5D
=/*n)
c(2NY:
X/U*W:A
25uo:
F/!=$
07'!7S
3Lm<!i;8[9
mp&~91Q
<O<G20X(
-nv,la
Vl>I',
$e4j.'`.(H]
9D6:%g-
/R["m/
pQ3|<v
5ze6RO(
} K?h{
%bV-Rx
ojH$^0
^=b2GP
[.\Tb1'
4md&!q+t
;&.1S6H%
K<rk)a4:
DGZ.=f
[{383%
ia?t,6^
&ss?*A=R
25@t6l
+krH)+
*W$[)1H;M
d&7+R
~#|)>p
p5vZ?jH
|U4x+5
h=(,Q9Tt
e-/Q#9!`x
s zh 5
"H5, YX>
&7&~'L
91A(" 
S"8?f"
))d2&&1
.6K(0"9C
gD4!#{>m
>-:?!GJ
QEV)6[
1\+s8R
&6'J]&921
vW5#-p
y"wj+=
`0?90?Z:
B:qA&/$
0'%bQZ%x,Np
3V8U<;
^w635B
:M \4;;/1
16X,k_
AC;c(877Wj
&"3K8Q%'?|0p:l) T>
wzm=jh/W-h=|1
5%$D499.E,M
Fa4#I7A}<'
9Y] `-]
`'/b2O8
uSi=~T
{+S,.;l
4"3-.&()
A|6;)m:
>(5y+=
tN/2@!3.
x(V6);R
6WG7.X!%p;
,]9[9c'<-
s22189
G|(7WH7Lq-
Md+djn
M4+'2)
@"7+`#[
/'1*+l3
T=4w;4
,9u2O%(0 <.24_u
:YC:*/W#
'3>,bv
"57.*';5^
]a=! i
D&/fG;
h;!'{l
0KY/~-
O$y3})
9s%\,'(
Y<P-*H7
Q*Jw. !~
XT5U-4%
V{!7yt79"2
827)b:z+
;%i= B)
f=[l5<Z6`
W)dq-I
sy!<8>!,
v2j/X;e
lj1i&>
D:2=''u
@>64w#!g6\$L7h
[5:}19
'J;,OT>z
XY.-`i;S
=y-c(V
)M!@.?77-
t4;H3r73H%"1i
LkO*K8$'
G!B!-C
f'kG .
s9'60/
}<8Cy=m
5)k.&7?0ZS
8 $1|41^>sE
+e.36OX$W-,:si6M4Q
|e#,!7Q\
95*7c(
=P}8.6b
2R"_'<zR
(,`)0c#
,] a50$\S46
>%ruO9a,X
9.|#[as,+>W()
#C$3T+7n
F5.*8 ff
^q%)Ve
*v".ck&j
eya(<b/{8/-k
t\([:sE1
w!2(i8v,
w~ !3E
(*i>.;:
!v6 1`
$]!/Ij
:Ze?lm
'u7.*J^2"
[%v=.;/
:8!9?z)
&PbM5Y
D* !rb
2T7T>7
oX 2%';$
C=;P ^*!4
f#g'ki_)t
u+B{82t;6I0"[|%0
W)%)g4
-6d>>I
&%_( uw?
v}.mx>I
Q;8<>+
q8'&h3]6(p/W!,X:
b_D ql
n;80!"P:N
*O&,!/3
\*Yz.Xh2up=o
/.O&G$
Z.)U:(j
8ND6X*
H-or1PGU
.Syv)=r at#'
 G*.dsF)cV
.X C$C,s+0
`"<c:v7.K
6 "=ek
L*\+(1iJ>
/W:v$+R
%:"A53[#`j
&:R0'37
VR"S<5{8
IZ*U=U:
qaW<h&
z6Y,;b
,"3G.OG'j
602a&n,
J?]*4K1
~A7+33VM"o
y3)uh
7r<_)K!
S+*M1"
8+8W2C
S!6@A>)q|/mW
E%0[T".
5W1 <!
(?iSx4
=0>e4O
ui5pC}&v
G(hkn.)G
Q%`07t
M7&NX4}
0tI6/~X&
JE-Oh2
DL-wA>
4-Q,Xr
aN55={
x3+X3r)<$
&$04cR
C4<>SP;Z!\=
t}O(G2
\;D/$K2-
7I#-fZ
O&?i'9
{/cQ,<
*,/2i\
1Il"nz3
")+6Xm+x]
/z$,Wr' l/
5E?h+U-
 %8D9?0j
GQ18J%q#
> x)`U
z$dt4Xw
oU445j
U<,lc)-,
7$@W:a7(~
]A4&$7-
Li2116
-3n&$e*
j!C"7
G5*w><
)96=P&c!%
@l6{h;
%8;/17:1
*nWY3WJ>
a>(eV&Tfi$
BL?x>m8c
g@(4+8!S
i&#Sk*,
\P1o7/&3R"JH
-_.?z$
32I'A.5O
$,) R%1M9
"&E*KT
o&%.@0\&S=;/tg"3
a )~;Cl"Hw5?
"9I5S,
)-'k>, 
00yc1[G)8W
+zE7dG[
o>:u6i
4l1f 71V
GJ;G<w
9M=in~)<)=+>07a
|%?B&::=]
k"T[7p92!
Q(,6}"
.4n4>7k
h:]5}P#r?
C4prF'!"q
!?K,rf%/Ph>_
No}1-(Z#J[
?)H<*a
)*:K:"*'6%$
M343o0,a0+'=
B?"%*#
;^6*m.
-71rv"C]
KeM-d|>
;6:&$\3Eq
G=8k55_-
h?.2;{
,eH:e*(t
g:5b7(6
U'f>]1
n4r>9?}47jd8
H\<DX:
<D+ bm~7:X+
'\zu?5+
!o8m;-T6Ph/[
u0 &m1
%:%#8?
/3.tQ?
5+Ec7BV+
[-1@z7>50
.7vW:C
=q,8V<k`:
'zC =r(xqt5
(S|&(E&>[
TE2wF-
j,"O?9
qWv9F];
8f/1d$~:'
[<}W3E*?p<
./Qw<J
hu>5+,
1ul&_Q
[)&|C$M
+-{1VPy3T
Am9283%
1V%),.3K*LS
f'3?Q"U
^p?232>,l'C?/.
p:'<5f
&k&3[:W2r
s~*((Ec
G2615`y!{:+
{3n$<u
4wG=3T:9n
3Fz+:
@T6 "9+
"09'~:#
>]n8\)_0
Y<b10*s=
+!j )+AOa
&96174"
222-s-S
8aX3$n
TV#6.J+Jn:n0i'\!B^3x{
RR31?9W-
:7[S >0&U
/|y7%$T/
~!~WP:
!S`3[
481206
Z=%HPR"+O
-*PT`8y)
B=T?)%r"m2
#"%;EUw
n4/W9t-
3w,62[?4
c5dP7+c4
*e,%<(
)> o+?n9c
G)':wv
*eZ3l?
=/j[.q
!49FV19#
J:Q8Q:
;?,~t?
X9b'jR8&(D,
(>_&zr#
))^G%a
3EM5XU
*) Bj;
+Y43-3
K"L<.7z
kX+<^1
(g { 
F1>g 8m
:$|"7 1-D
<p^#NS
<2$:&li~>Ug
"#>R/H)1o]
9:t>/8>m,C
qr EG&Z&h+B&Q;r~-%w1
S-)$,k5*
#IE>HG#;
S( x6J!h
 KO%WL86%P
.{&/~
_=kH69Op59
/v7Fn=Q',
`;q$1&
:8=2?&[}
+M'-l=!
!(/?u5
!VK)/+
]u.6>0rk-Z\
dD4ah@
)&L$k:
W60g&'
h< B<w
>p0g"43O3p#v1
39x?9t!I
2M#`s%Y
Ov=R~,
+?S =V
=uU+2}60
Z;Q>!y
t8)x+<3
HdQ7o%2$
7K"L|<
s fy!
'"$wP${60
>+~W7i6<
/=6![ 
<,3'=
Ht:wI,I'
o"nm'|
:C 0h)x
R'7bK3F
1+S6|b?
Pd!ns5
)WB,qvU:
+c.J;{<
(}6Xo5
uZ,@2AI
1(+$/12I
>'$W*O
Kb=2[q6ZS
1dY5Z$20k&
,!I./rEn398
*F=S'1Ir
0"2!jT
k2~w#g$4
TQ$15Z
"pd4W~O6
,R&{:=ie>
|/9&l*
/Y9J.'+}2
Q1_YR
-,5-"5P+
[K3L"H9
V-&dA0
!625VW-A.:H(M
tn*)=@GP%K
><G%[1
E+:A>&
06ky%,C?,.6
<y=RB(
<T$ i|0
}*:]P*n{
M5&$3}x[0a,
h16`%S
7Fb0+q
^=~"<-A;z
@+]!e9.+*l
O57+r;J{P
_3#d:#
U7=V?K9n
=!4&:
33kY"HB8
X/,r?:t
A!{%%$&!k
/4r*+F
^2)+$Zm11
H-\L,-
f)c/8"b6C}-D
0.yv$j8+
1cl2W
)j3d8i
?:$<S-w&~
 rG&Qt
"G3:j#=
/&].(v45
"&D9#;
UZ=&9OW7Ny
\"$-T# ~?
{+ x"5
 f0e(%,
yq{$p*o#8
'F#^=^
.Vr.M_[:P|
'(J2&1_
f3d@0%}!
WA6+?,
-x4'6}""H*+1+<
'4/z>#{
gp4>5m
<'b:B;zC?
 Y>'U=q
~G;h2,"3
\v$g+4fP,-ms0>
,+h0H=
=_]"Ai_
3V9.4>
]k6;P'-*
?{9a4zc
B<?j~$[%
ur1.3(7$
F8(#Z,B
EI(z8=!_
'(2tf>Sc
?=,4d-
7ch6*z
W`>0g(/
)" A1~
|K?] o-
1;R^)z
1 #5}I/`
#F=34#
!m*\O+q6+oe/h
T~&'?&X 
z"%:6ra
?"KSP;363~8^>,S
;e&e<dbK
{x.0dWN
n*I<.u?
I=>&t4=&/2
,1-i%|
5?.VH;
#\:M>dR
" hE 9Z
D7:T81)#j!9B:z.5
w-#?!V
#lf6 8F3J}<Ow
2"_>d=~K9-
|J4A;B2
+4}4ua<
=2=L+r!/3/\-
Hq03#.@9
Kd%6.-;u
5'^i;;'*
01c"D)
V"m$kN<
f,1C|A
'1+<^%E
7.s{:9
0y##c%oY<X-)
+a9P+GJ
H{"Z'Rj4
.1>A=4,
(T-g*#
?8= T#R9
%Q77.=k
D+'[
x/~E2"6N?.t)Jj7D
'q0[9_
$m+;>=}5F
oQ7?B
yR=+;9
 )0o/00v
7m^<Lc
r%3f(tb!#
3'!@%z
faG4INy
0.e#G<
<7Q-BY
"_>.0c
;Fg24,i
n0?u4R!s6
f*]k,p'-.+
't9}"q
?<''w#uS
 5(3FY"O/4!Y
{"XO4uV!(A
#3>!()7;/-
6&);M\J
#HF+\&)#
|4,![+
Z73(HQ?h>V-9%L&^2
b=?}G?L8.39,
//W".i3/;.
!+XL2q&mw
Z"I<<Z-G'8@9
<w){?%C^
JI2SH?
(0?"4&<
*<$kp3"x|,i
]Y1>}<1}
X,(z8vb
z.tc*=3=1X
s%X>qN
3:&l:~
`9/Yb-O
4Y($78k*_a
v!&L?)M<
Av*}-a;
&^@i;0
#:D6%9ZH('3B
-vU"2$
(=@o}
9d6P"{;]4E
-s?<'W
>->/;LD;{
_/=X'(E!%-
f":H?/
2gc3hY
%j'v50k-
%gx4=%
) u+%7
$~,)~;
*!8%$g
 z(d)9~/
2+O>P8`^
!%8\5?;?$;1m
nK&r:aTw8b93 $`
V1C@E#N'g
c)(,'.
cf9.'[y
f3)@$=L#ej;
ElT%(-/?r
k:"0]-s?6,*/
"6j>T6Rh
6$]:"y&
1Xo*=|4
:=y)X.q9
/QC4-)H
\:Z/`=
~#D^4}#
f<)U"#
u(bD;-
s O_p9t
z5j(?F=6$
hQhb1-
0=2!;!p
4C|$,NU
)I<E7M'3C
K:C1;9}!
'Zb7++_?1S>[<8k
k#D)at0c(
s7L>7Ir
b){^#0Z>6R
8SB jhX=
]z.g<9
o*(|^"=<
& J}Y#!,.O
!u:y;s
Z14.9-5
AJ#I,03N
a&#:."%\
o'V!/C"
S'3UX!%cH
4+,ra%+^5^
I .&)RJ
Gy=[=`9*@1
n2M4~><Z4
+WB3R<
{/0([*
'(}.Ssm2v
Ti]$V0
8K7h(3/$1&41>B1Cc
Nm&)l7
!2sK3*194-u2
v!5~-%F
$}Kj=V*
#u(.+A
om&J)b2
#I=$]C4
Z/Pn22m2
zP).t=+
U2wr*Bg1[
7KX*875
1=H*&/6^=MY;
Kh2*A)3
0e$t'1J+>q
f$A:z\43?<hmu,_
~~A:}C
$y.4O ;%
_(z#hU
uK0!qP/
E3PSj.3"
K2&7+3!<L6
^Qp&%"B:&"$a))d
*|6)'2
<GJ;,&
1s2:(A
 .#0,.=
8U5=C&
h\0,H<
?D"?c~
F{2*6"-
>9049q3
1h#5):
9%#0Q25`
Y"b,%b-lcB 
! Jd%5
*6=bz!
H/#_<f
Tz)^l6
-$M4-,
EP,x+a
E&0fF'P?)m1
"tpS,9{$
X(`{ 5
iOi60V
{8dt/%1 V%3eM
B#k8a$$
v7@S"2q
w%"l(_
D,<~/2.zv%/(
$'.9}Vb8H?Ye2
jt6m2!p
2:6Q!b/AU =
wA7Hy$
6*m? ^E
r)$5%J23 #I
%71 90+A9X4*
>'4O6Br
&S7-F%
 "|O'B#2
g4?0%k
RQ=T&(
j#>)2"!>8pt4
x7u&ji
/!(q/)k*(6n
[4`a-Q
=f<~"=
(20#>F
h<5C9X
f),4\7DC
!C0tw 2'
m<9}.v
Y.&29*yo!,=uWU
NB#Ux7-&4=
+8 V| a(4u
*8<@"mX
w f(KU
+7OW:<.
<.f>c}M 
:L<g?!Tn88`0>0
686/>[
3?iai 
|G5{Df%
!*=Rk(v
><Xq)F241''
/.R.xn
:~m:d0(
'#<D905
JK08a/
%K(R9-
?D$4v%!Bm)\]
P.u)&+
*rx'%m,
@<'G*.U-w.
:t3#+k
1r#.x29
W> "g6
)%O?5"1
4(9^'@
::*0|;
o3:/Pm"p?
@=:3,)vn,
1KAc,t5U
Z&.&)=
xxL!h,f=`:WQ9dHT)
 >*O4is
3+jV Z I
!/L5D$c
1@2"Rq
"5>23w9
=5Oc"
J3/My9
+x1Hn##
#.[4m2'
+/'KRp
ZW+%_<
2Dt.&'8/
Sv1J2C*d^
~(U 8|)anr
5"s)2,
E&Q.6g/mn
<Vo5|z%
z!0-6i|'0O5
6>iEQ
x0k<N;
"R'0P:j
'{"pH1w)6=]$
 +=W1"@
`<]p9F>F
hP5U\j0?
ou.4x!
d)HR=Q*9R
#4ys=$
=?-_2i L
#:m+*8
b @)!%X:!Z
aW~8\<S,
87S61gJ)B
cAC.0 E
50Gf.4<i
xM1=T4^
B?k6p!]I/
4<?5}l
1-[]2o
.;[7`,
#v<[95
+-r;$:#
)x%z2S]a
7Kt%7)m
':T?Zq0%Q9s6[g
k^+ft8 
;?{Y-`0E
c!(i .
V9<|(E
(RJ(Z9 V
!['j7"a
&X91g:
9eo1T7m+:nV
.7>\=w$=
+ q%E+"
y52\$193<
KU[4N
%=F-u&&
7M-?2,s<:9);jY6
:;c#V.m+k
?>y'0=h!-j
W!,Y= {
,{">0i+n=h
eh2T4>
H0,+?6a
"BV$16$?L
u$m=M$
5+QQ_*
" 30446
24[M3N
H',7M+
yn&65M
.-a=8)S*
 L?)+@
Z!;'9/$[1? H=?
t/Cn&q
O8i(dQ
==6|2s4 8
(+(&vs
<g<.l<
z4%>&*%
7;f+:#Q'
p3}w*l
R.yY;\/
d%-z%|y m
$;bS!c)Hf06 t
.#?$rjx4)*B
<tf73RS)O6EU;
<?&;C_
a6m &Z
/+[Z/6
Y,,!/9]
nk7wgU&a-
3;6|W
16I<n 
n'R2Qz
T[12x?
)Q(W.,{
&8U6W/
^+*4J
bT8-4z$,y
-#Y?ON2*%
r#/%o5
(9L27;
bR:rWH1[n:
@82r24!k
/~>#tn.
.(}c&eS:8%
m|9 7x
<:?,*8=
nH2~M!N*?g>B
%~N60#""I
(x-:{Y
l_*:61
8Oo/~3;&$r>=
20Oe2F#
Vt<-u6N24Y
ny>+oZ"
sA(rD*
_#\Y#(CA
g3%.-5A
[>s<{.3X
;??5I
>K;%#[
eL/j>7s
!e9%_1tPr=3
\4c %]{
a=*`,G"
}"2{n$
Y, i3p
A1*'0]_
7>?%94
F^*$Z*R
9]%0/T
D("qa03$j,~
'9(vjG
)\nd!(
8?|5N>
/=IB:MP.&

Process Tree

034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe (2400) "C:\Users\Administrator\AppData\Local\Temp\034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe"
- 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe (1240) "C:\Users\Administrator\AppData\Local\Temp\034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe"
- 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe (2504) "C:\Users\Administrator\AppData\Local\Temp\034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe"
  - 034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe (1836) "C:\Users\Administrator\AppData\Local\Temp\034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe"

034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe, PID: 2400, Parent PID: 2948

default registry file network process services synchronisation iexplore office pdf

034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe, PID: 2504, Parent PID: 2400

default registry file network process services synchronisation iexplore office pdf

034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe, PID: 1240, Parent PID: 2400

default registry file network process services synchronisation iexplore office pdf

034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe, PID: 1836, Parent PID: 2504

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114
8.8.8.8
47.124.170.234
184.56.17.14

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255 A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1 AAAA fd3e:4f5a:5b81::1	131.107.255.255
234.170.124.47.in-addr.arpa
14.17.56.184.in-addr.arpa	PTR syn-184-056-017-014.res.spectrum.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138
192.168.56.101	58485	114.114.114.114	53
192.168.56.101	58485	8.8.8.8	53
192.168.56.101	137	47.124.170.234	137
192.168.56.101	57665	8.8.8.8	53
192.168.56.101	57665	114.114.114.114	53
192.168.56.101	51758	114.114.114.114	53
192.168.56.101	52215	8.8.8.8	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

Source	Destination	ICMP Type
192.168.56.101	184.56.17.14	8
184.56.17.14	192.168.56.101	0
192.168.56.101	184.56.17.14	8
184.56.17.14	192.168.56.101	0
192.168.56.101	184.56.17.14	8
184.56.17.14	192.168.56.101	0

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	f076bc889c82fb18_tyrkish action sperm full movie feet .mpeg.exe
Filepath	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\tyrkish action sperm full movie feet .mpeg.exe
Size	378.7KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`30ffcab5c97add0dead1de07c7cf2245`
SHA1	`7427288a9e6f8bc76dd9e8850370ca42709f57db`
SHA256	`f076bc889c82fb18c0a31936f49b5f81c723eca4f5b16530d1581c6fd96879a6`
CRC32	`2F42CD46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d4904d5a77d75c8e_indian kicking fucking hot (!) (liz).avi.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\indian kicking fucking hot (!) (Liz).avi.exe
Size	1.7MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ea257048db856256cb3977140db8c523`
SHA1	`68857e604c61136d25e2565b2463d62325082d71`
SHA256	`d4904d5a77d75c8e911b051ea632f858f74ab17ee686dcf5ff3fe0425bdf3573`
CRC32	`5E9763FD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b9286e15a4ea0c8c_japanese horse horse hot (!) upskirt .zip.exe
Filepath	C:\Windows\SysWOW64\FxsTmp\japanese horse horse hot (!) upskirt .zip.exe
Size	2.0MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`07d4c83e744c9d0b5576a77d02b9bcd1`
SHA1	`1fc243a44edaa97abb8ad6cd62ed47996043665b`
SHA256	`b9286e15a4ea0c8c93ac6d8b1b00a3ad03eb658e34ceb9cae6b7e8ccaff4591e`
CRC32	`86E23662`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b6f2fda046907d55_bukkake lesbian titts wifey (sarah).avi.exe
Filepath	C:\Users\tu\AppData\Local\Temp\bukkake lesbian titts wifey (Sarah).avi.exe
Size	476.9KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1152f94635b19bcb6e1eb830abda840f`
SHA1	`2c6c1764226522a87476054be8dc5d5735273dac`
SHA256	`b6f2fda046907d55893b3150485acfc715b3d1a36648a24f50469a746cd622da`
CRC32	`16199566`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	badcd29cef8df9a3_japanese kicking horse public ash (kathrin,curtney).avi.exe
Filepath	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\japanese kicking horse public ash (Kathrin,Curtney).avi.exe
Size	713.7KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3c2f0c96859fc773b1fa5e9728ef127a`
SHA1	`2ee4dfcc8110c68a2dbdf49814ed866659b9bfaa`
SHA256	`badcd29cef8df9a30d6a3afe5b081b8efa619bebf135b0037944eb5e6efa2df6`
CRC32	`2D952533`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e602abeeb92d797e_danish fetish horse public glans .mpg.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\danish fetish horse public glans .mpg.exe
Size	412.8KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f0e3b60198e8a7acad3d3da6a4d43497`
SHA1	`e1546e0184cc1d6d800644dd2702a9213cb941e5`
SHA256	`e602abeeb92d797e0eb5bd379477735e65e690e7d98c3fe05fc86cff427b9839`
CRC32	`E75BECF0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a7354771865befe4_horse [bangbus] (curtney).rar.exe
Filepath	C:\Windows\System32\LogFiles\Fax\Incoming\horse [bangbus] (Curtney).rar.exe
Size	1.3MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`299ea1b5a169e07e4de1b8e436901418`
SHA1	`19fe62637163a742f368be2b95907eee1dadc8b0`
SHA256	`a7354771865befe4e3c410371ceecb9f389b07755fff24e2e946fa5ab4da5d09`
CRC32	`1207D59C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1bde100aac7c7669_horse girls feet penetration .zip.exe
Filepath	C:\Windows\winsxs\InstallTemp\horse girls feet penetration .zip.exe
Size	694.7KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6a54de525bb60e8d464c0a58b5d8c0ae`
SHA1	`527907039728602819d84a573c2d19a3dde73d2c`
SHA256	`1bde100aac7c766942626f41f7287db639c5fe0e31f4cbd0a906337145359265`
CRC32	`7EFAFE9F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fdcb852acfa643ad_danish cum xxx several models cock pregnant (janette).mpg.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish cum xxx several models cock pregnant (Janette).mpg.exe
Size	1.4MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d1ef8aa48ccfaea222b3830ee1bea44c`
SHA1	`12761d4d05dd21dbab6af463ccce971823dcf094`
SHA256	`fdcb852acfa643ad42b19d82fc98e6e0dbc88fdf6abe3db47ecf2f24d42d68a4`
CRC32	`764A24E8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d3e9244dcb81962c_lingerie [free] feet .zip.exe
Filepath	C:\Windows\SysWOW64\IME\shared\lingerie [free] feet .zip.exe
Size	1.6MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9e882ec9ef512b4eae9700ce0451c135`
SHA1	`ee828e136d5579f5e9a87561807422d332b8c92c`
SHA256	`d3e9244dcb81962cbbd4eea5edb4a49c4bd3e08ed4ef12fe735062c9a6c65185`
CRC32	`4FB698B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	105fc7e334cc7daf_beast several models glans .mpg.exe
Filepath	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast several models glans .mpg.exe
Size	1.3MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e0785ceefbd848433a95126e79f55aa7`
SHA1	`18a516c3ef9444dcfadf68feaddae39592e3f64d`
SHA256	`105fc7e334cc7daf8c92b369d7b17e1d1cb4fed3b8d6ca551ed6e17b75b8e913`
CRC32	`8BF82188`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1a73c24ffd3ef10e_danish kicking horse [milf] .rar.exe
Filepath	C:\Windows\PLA\Templates\danish kicking horse [milf] .rar.exe
Size	2.1MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e2051307703a7ce61a9fe560dc891adf`
SHA1	`e314072189cf16727253d823c9a13a87735dfc3f`
SHA256	`1a73c24ffd3ef10e362890a4e96e740529f29ccb1a89510472e7f5c6cfdf1967`
CRC32	`F5953BA5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7b8c7085d464cc08_russian horse beast hidden glans .rar.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\russian horse beast hidden glans .rar.exe
Size	709.4KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`51630ad4f28bd8d4647ac483a5ee511b`
SHA1	`6f8fd017d2f2b85fd3840518f29ea39918571e51`
SHA256	`7b8c7085d464cc08c8279603b416637af2fcb7bdef97e46ce4a90697f5fa2dab`
CRC32	`C4125F43`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b2a595eee5f10e57_tyrkish kicking bukkake [free] sm .mpg.exe
Filepath	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\tyrkish kicking bukkake [free] sm .mpg.exe
Size	1.9MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`04c24991f412ade6fcf7aa214426f0de`
SHA1	`4a06e40e517616970b657912101bb8fd6db93de5`
SHA256	`b2a595eee5f10e57c0724d66e9653bac84bbb238ae5a9924b263b79047f351ec`
CRC32	`445E2B81`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	95ef9cde11179b0c_bukkake lesbian mature .rar.exe
Filepath	C:\Users\Default\Downloads\bukkake lesbian mature .rar.exe
Size	1.7MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1231a215e2adc8ca6a1db889d2c9119a`
SHA1	`7713d708d3fdd26782ca59c0c2177c09744d8c79`
SHA256	`95ef9cde11179b0caa05ebc71c96a7be7b63eff796ac7bc104a47b08834bdb3d`
CRC32	`BD044AAD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a88a5b0682efdf95_indian horse hardcore licking .zip.exe
Filepath	C:\ProgramData\Microsoft\RAC\Temp\indian horse hardcore licking .zip.exe
Size	161.4KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`17cd8b4c3448c0b3e67c7b709a22081b`
SHA1	`ce0a20c9ffb7d1cf887f65f293e87f5a656b8cd9`
SHA256	`a88a5b0682efdf9514be8c117217b3abc1f1110d8e1dc744b9ac4d7dbb07b386`
CRC32	`DDF1D520`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	68bf69c839368396_bukkake hidden ash .rar.exe
Filepath	C:\ProgramData\Microsoft\Network\Downloader\bukkake hidden ash .rar.exe
Size	1.1MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9e1d280607616c5b119749ad5ecfb143`
SHA1	`01f01daca9dec90a44a6a177fb48f4b229cb7dde`
SHA256	`68bf69c839368396a6916bea313039b89df3ab881c66930f957d96d10902b1ad`
CRC32	`6292CD30`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ef73f5c36687875a_sperm hidden swallow .mpeg.exe
Filepath	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm hidden swallow .mpeg.exe
Size	446.7KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`73a9d71200f2e41a672e4900c6c2aa6d`
SHA1	`b18f25c509710773ff856bf62b484a3a5e776fb2`
SHA256	`ef73f5c36687875a796a1ab4262de23d487a5f908234eff7ab889cc7fd4e777a`
CRC32	`73527544`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	177169ac16601425_black cumshot hardcore voyeur penetration .mpeg.exe
Filepath	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\black cumshot hardcore voyeur penetration .mpeg.exe
Size	1.4MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0e88c1f6840e8723674f4cf59f3d1bd6`
SHA1	`628050feb9e3ece5369421fc02c36340a26a8e8d`
SHA256	`177169ac1660142523673c98f349d54b37dac2010abd4cbbedf74add12d9f854`
CRC32	`C176CA92`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f65ae268bed27cfa_bukkake [milf] leather .zip.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\bukkake [milf] leather .zip.exe
Size	1.5MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`43104d428370a69a963b05a3de6ac157`
SHA1	`51685d69bdbc0168c32cb1581633715d61f8e8aa`
SHA256	`f65ae268bed27cfaebffc7b8bd542baea4fb36fdfe86d95a83ae2f97e3a64e02`
CRC32	`ECF91F6A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	84439bb3c202afc9_debug.txt
Filepath	C:\debug.txt
Size	183.0B
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	ASCII text, with CRLF line terminators
MD5	`31d3ab81d7c2efc0acf0451570bcfc74`
SHA1	`7a5dbac225943de019d4de1f7385699172a24464`
SHA256	`84439bb3c202afc9d985c8fc498a2233884515513dbed6206a33a2ab0a321cc5`
CRC32	`BF45FDD2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3d49997e0327d6ae_swedish gang bang xxx catfight cock (jenna,liz).zip.exe
Filepath	C:\Program Files\DVD Maker\Shared\swedish gang bang xxx catfight cock (Jenna,Liz).zip.exe
Size	778.9KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`917f50b1ae1e5f955c4109d883d0a548`
SHA1	`b8d655f6de9057973d93e56e84beb78962724e34`
SHA256	`3d49997e0327d6ae4aad730869ef5e1d13848352297e00778f8273ac0ef358b3`
CRC32	`0298701E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8a787b25405fd92b_bukkake full movie hotel .mpeg.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\bukkake full movie hotel .mpeg.exe
Size	1.5MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`04a4a95dca9e3934e8f8a1c94a8d8125`
SHA1	`843b7e574a955fab6503de471fb076d905c1993e`
SHA256	`8a787b25405fd92bdd1612e4a21dea2780093ffa24b3ed033378ebb62e08a3a3`
CRC32	`46B71B61`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6803299ffdc64466_american gang bang sperm [free] (sylvia).rar.exe
Filepath	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\american gang bang sperm [free] (Sylvia).rar.exe
Size	484.4KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8c40daeea593b9a8d7255c447b0b6914`
SHA1	`fc07e790ba1be82c306bcf74055664d09ad13cae`
SHA256	`6803299ffdc64466416dfba1baad5f1caddec2aa6d19752c5ac02440d2f952d9`
CRC32	`550D5A3E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f7b72fc19da939fc_swedish cum beast [bangbus] feet .mpeg.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\swedish cum beast [bangbus] feet .mpeg.exe
Size	869.9KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8775f30f6c1bf0ae083b2126f190af86`
SHA1	`7556a699cf250fcfac23b1677fb1f22a1752f6d1`
SHA256	`f7b72fc19da939fcc79576df8e0c93bff70153b8c53f5442340ba3b5e587c5ec`
CRC32	`C4440DE3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fd7d8f97d302de69_xxx public shoes .mpeg.exe
Filepath	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx public shoes .mpeg.exe
Size	315.4KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f1776f779d63edd372878342fc23dd1b`
SHA1	`d09ff3089a5823a718e851bb000a55099bf2f823`
SHA256	`fd7d8f97d302de69b3702fe54ba75a1d88bf883245537b5d9b7a876d78c4f117`
CRC32	`37636826`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	180bdaa10eb94b57_indian beastiality lesbian hidden hole .zip.exe
Filepath	C:\Users\tu\Downloads\indian beastiality lesbian hidden hole .zip.exe
Size	328.2KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3977d33fa85f5551d7fce39ba818a86a`
SHA1	`cf1771c59700f864c43f1ba1cc02c48b8afc63ef`
SHA256	`180bdaa10eb94b5739ef6d720efbc469915986fcd93e1296a83c856d5c759e43`
CRC32	`ADD7DE5F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	18fd93caf571c8a5_american nude trambling sleeping feet .rar.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\american nude trambling sleeping feet .rar.exe
Size	1.2MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7f04443cd7713a3895027ab5e8a65575`
SHA1	`f206ef14dbec03be6535e33daf86e2acc8ec0945`
SHA256	`18fd93caf571c8a57095e6afe8fc81c72fd946afe50c52f9b1c9c569bb68bacc`
CRC32	`C1B672FF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fce759005ed27ef9_bukkake masturbation pregnant .rar.exe
Filepath	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake masturbation pregnant .rar.exe
Size	701.0KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f6fe5b1650fa84fccfa3f30e52e0348f`
SHA1	`5cc60243b802e6b934d18b27556909b652893eba`
SHA256	`fce759005ed27ef9c81a1d327e8ccce73b5cb472899a52b32389113d1af36aa8`
CRC32	`8D7BE9A9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4fe4f0c824548d10_black beastiality fucking voyeur glans fishy .mpg.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\black beastiality fucking voyeur glans fishy .mpg.exe
Size	1.9MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e2be383844cdb5590d19ad805546eac2`
SHA1	`7fdedffde8c04fdf89ca712f56a24b31edc145a9`
SHA256	`4fe4f0c824548d10b5e397d4b1f7da379807a60609a864ab7fd489684c6c5ab6`
CRC32	`552E5515`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	420744076c3fd63f_hardcore public .mpeg.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore public .mpeg.exe
Size	805.2KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fef8602f0ae2a525103a84251c4d64a6`
SHA1	`65559ad0c8663f29a8057b408f7e356fa491a36f`
SHA256	`420744076c3fd63ffcdf7aff333b38c0d349d70dc6060408ba782865d56bf2e1`
CRC32	`3988406C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	203e14c266b42b33_danish kicking sperm big mistress .rar.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish kicking sperm big mistress .rar.exe
Size	592.7KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d048f775b59fafe8b4a04df61abc336b`
SHA1	`e0fcd2ec529c37543bb3827af8c52f1a3cd56603`
SHA256	`203e14c266b42b332b475be7213db854fd341ab17dd61924b1aece4803268fa3`
CRC32	`621EDA8D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f4f6dec54a373b7c_indian fetish trambling big .zip.exe
Filepath	C:\ProgramData\Microsoft\Search\Data\Temp\indian fetish trambling big .zip.exe
Size	1.9MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fbe6e927debe50304ffcf85069509bed`
SHA1	`00d8d283f3a337aadcca310bdf6fbfb095e82e34`
SHA256	`f4f6dec54a373b7c2d500de0f69892792a4836ba76f700840eefc970c6241970`
CRC32	`A88A8848`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cf9b28795de85060_nude xxx catfight bedroom (britney,jade).rar.exe
Filepath	C:\Windows\SysWOW64\FxsTmp\nude xxx catfight bedroom (Britney,Jade).rar.exe
Size	1.8MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b36ea8bfb452ad8cc3682474f2d0aa4c`
SHA1	`96da5ba7dce49367254b3ea43f43a3f41e88d131`
SHA256	`cf9b28795de85060b79576ac7f27282c932382ea2206b0bb88a1778a85a957bb`
CRC32	`6ADA83F8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	96f19f0eb621de9a_sperm big hole black hairunshaved .mpeg.exe
Filepath	C:\Windows\SysWOW64\IME\shared\sperm big hole black hairunshaved .mpeg.exe
Size	1.5MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eeb5df5200ea4cade5d2cfebf06fad7a`
SHA1	`c5932ae35102721131a7c36518c0eb1c59aa5209`
SHA256	`96f19f0eb621de9a2c9130cd9f80f085de009bf107c1542c4d53d2213a92d13b`
CRC32	`4070EF5F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e54840cdaa7dc598_lingerie full movie balls .zip.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie full movie balls .zip.exe
Size	778.7KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b9572002ee685c1d82f738365d10b658`
SHA1	`8d0b3c2380b0ca9c7513315aec03dff31d156591`
SHA256	`e54840cdaa7dc598f8dd035fface197e90c1e1644a216ce7dc7e3fbac88fb348`
CRC32	`1466E102`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	961b1abf3f168b7c_lingerie masturbation bedroom .mpeg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie masturbation bedroom .mpeg.exe
Size	613.4KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a56eea3b16f518087144f567853aaa62`
SHA1	`9eb4df4c74382b6ed41e2ea27bdb342a05d4ad02`
SHA256	`961b1abf3f168b7ca7d7f389d7a1130e12bade0a0cc2499e68af75a36a41c94d`
CRC32	`41FE12D5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	32e5f16d9d9c9706_mssrv.exe
Filepath	C:\Windows\mssrv.exe
Size	580.3KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`32ce42c273ebbbc3f7166cc57d9a8118`
SHA1	`76f001141d022a599d1cbada3f8dd7f7e98a21c0`
SHA256	`32e5f16d9d9c9706f3cfce0460b3366f89ae85fc0fa9db4a7d1352d56826c585`
CRC32	`E0E0F5DF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5ff06c71a627d1ce_indian cumshot horse masturbation titts high heels (jade).mpg.exe
Filepath	C:\Users\Default\AppData\Local\Temp\indian cumshot horse masturbation titts high heels (Jade).mpg.exe
Size	1.5MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bf1e8ee5da7e03934b2166eb36fa1541`
SHA1	`58d5bd3b301f1677ece0dc5d330a962474a46cad`
SHA256	`5ff06c71a627d1ce54103f8f22a59b54487a4445d5835ffe4b9457796fc3dfbc`
CRC32	`FE945215`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2c86ddcc6cbe240b_gay [milf] glans sweet (melissa).zip.exe
Filepath	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\gay [milf] glans sweet (Melissa).zip.exe
Size	175.3KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`095ee453dac29264ec0236d34d03ed28`
SHA1	`39a603d869219ee946a91eb28dbbac1b6000e6e5`
SHA256	`2c86ddcc6cbe240b6a1cf1b40e186d09206b880badc6bf9903764b704b1ea0c8`
CRC32	`9E039270`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	00ebca6cde5b0dfc_indian gang bang lingerie [milf] hairy .mpeg.exe
Filepath	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\indian gang bang lingerie [milf] hairy .mpeg.exe
Size	1.9MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b1d11e9d7a1944010b95991a6d637ce1`
SHA1	`c76f6c7fd98350d4ee51e43cce51bc39d413316c`
SHA256	`00ebca6cde5b0dfc06292bac9f1ca7cc3382104b42888eda444ed7fc356f37b4`
CRC32	`EB5BE9A9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	846eb00e216739ca_porn xxx big titts hairy (samantha).rar.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\porn xxx big titts hairy (Samantha).rar.exe
Size	1.6MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cef62eccdbead8e0204f60a56b299c3d`
SHA1	`f9bacbaf1880c4d5e1403663565f109e6a949e4e`
SHA256	`846eb00e216739ca81723e49d14cc5884dd4fe67e38aecfd737e3e1df09eccef`
CRC32	`CFD8F0A5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	44c7131c2324e333_black nude lingerie lesbian .zip.exe
Filepath	C:\Users\Public\Downloads\black nude lingerie lesbian .zip.exe
Size	2.0MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`438bf8c4b3b226a4e3e72707ba432166`
SHA1	`3762a60888b85b9875d8b851e47d611d719de9c7`
SHA256	`44c7131c2324e333d3508ae32678d69ad0268b63e6922d4f85690a1cc61fc3a6`
CRC32	`C1D34886`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	832d8aa4e19456d1_tyrkish cum gay licking latex .mpeg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish cum gay licking latex .mpeg.exe
Size	1.7MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7613a5a6730965fe4dd242c2c4a765ba`
SHA1	`aeecaf54df5eaddb4bb548e0f64af0f4f3a52e67`
SHA256	`832d8aa4e19456d1f85492770f204a715f256406e2222a18e7934d485aaa5480`
CRC32	`7B16822F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e9597692822beea7_swedish gang bang beast public .rar.exe
Filepath	C:\ProgramData\Microsoft\Search\Data\Temp\swedish gang bang beast public .rar.exe
Size	2.1MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9f3afa11643dddf99a1787a54ab51834`
SHA1	`84fbb615d29036eb118af621a05ad11482d79c04`
SHA256	`e9597692822beea7e738832c5790577b55e10bedcdb14395a26c1f10fae59d36`
CRC32	`308573F7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5e3f19b31eafdde1_xxx catfight glans upskirt (sarah).avi.exe
Filepath	C:\Windows\assembly\tmp\xxx catfight glans upskirt (Sarah).avi.exe
Size	394.0KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`de8fdd7ffd9f1c6af5f73be6e771f464`
SHA1	`3855c996a48b7df76bbe58f245bf0ed1dc926873`
SHA256	`5e3f19b31eafdde11d07e1caec337deff148c27193e13ec71ddbc6e7ea0e3c64`
CRC32	`176AFBA5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b37c2004ad86bd51_japanese nude horse girls .mpg.exe
Filepath	C:\360Downloads\japanese nude horse girls .mpg.exe
Size	1.7MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`59c42531ac297754813208fc93114785`
SHA1	`1aea6fa3d4d10d259f7d93010b8b8355fddadf8d`
SHA256	`b37c2004ad86bd514ad8a91b991c67d2e21d5c03bbd344437f99036bf0010c7b`
CRC32	`F2B86E19`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f491d6abda576a5b_sperm voyeur black hairunshaved .avi.exe
Filepath	C:\ProgramData\Microsoft\RAC\Temp\sperm voyeur black hairunshaved .avi.exe
Size	587.9KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3dfddd99ed85e5cd779e4b767cabe8f5`
SHA1	`3f6c1989ae8a6537244d56918eeada6990e4247c`
SHA256	`f491d6abda576a5b72e005c2a44e132d3ec79508feb8a1d1d4e1f932faa15555`
CRC32	`0BA16B2A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b302d6b27ee96d69_italian fetish blowjob [free] (janette).mpeg.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian fetish blowjob [free] (Janette).mpeg.exe
Size	803.6KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`41cfd14c228464eab5b4fb1bffc164cb`
SHA1	`05af6d41edb9eb19f5f3f0645e4968a332de08b6`
SHA256	`b302d6b27ee96d6975a62bc6459f17ce6d7c38f1168112abbf612f84fc192799`
CRC32	`416BFE8E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	61cc0d9be524eff5_brasilian cumshot bukkake masturbation 50+ .mpeg.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\brasilian cumshot bukkake masturbation 50+ .mpeg.exe
Size	1.5MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`73637b4240f3c8a79eafd1cb82342f83`
SHA1	`8829a9180ce5c2e670d9050cf4e2051fb62aa16d`
SHA256	`61cc0d9be524eff5cba866d9caaca176f92a434a0a80c0a8fe8f14f6a7850ce0`
CRC32	`9ADD8C3A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	82e2bcf9b6a54644_xxx catfight leather (jenna,jade).mpg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\xxx catfight leather (Jenna,Jade).mpg.exe
Size	1.3MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`28ddc07e7e4a60264cc39bc012557d4d`
SHA1	`8dbff3a1d900388d16153c08e19ef46d3e863044`
SHA256	`82e2bcf9b6a54644cc4e6dd63b825ce7170017fdb8743b6beb2e4959b6ca68d8`
CRC32	`A852D464`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	09892694c104c540_beast catfight redhair (sandy,sylvia).avi.exe
Filepath	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast catfight redhair (Sandy,Sylvia).avi.exe
Size	248.8KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`568d00d4984c1580d1fc73978441be34`
SHA1	`aeb7c8a81f3cd089c42a6421bcab9ff707a9cdcc`
SHA256	`09892694c104c54076e54fdfc21bc5c3903905f73a8af6f7cd2afc0069c72e71`
CRC32	`A7702918`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	74a407bdcbf99184_danish animal blowjob sleeping .mpeg.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish animal blowjob sleeping .mpeg.exe
Size	1.3MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e7cd543b9772bb05e4fc4b2a248ab4a2`
SHA1	`12db4cf8f1e2e458bfe3043f1cd88acb6f9cd3a2`
SHA256	`74a407bdcbf99184f3db8826262a1d7f5fff68bc25ce22f3037fa246b092dd40`
CRC32	`1804E1BE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3727b3638949723f_brasilian porn gay hot (!) (samantha).rar.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian porn gay hot (!) (Samantha).rar.exe
Size	1.6MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9ae3b03158884e17251f9c2d37dfe57b`
SHA1	`b2e9aecad507894623717e4435e7443844aaf56e`
SHA256	`3727b3638949723fec1e9c22cf07c95ab2c2ce71fc0061c684d47ccd77f6bd21`
CRC32	`DA528410`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e7ac2f2750f72dd0_russian handjob beast lesbian titts 50+ (sylvia).avi.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\Downloads\russian handjob beast lesbian titts 50+ (Sylvia).avi.exe
Size	1.4MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e0707c6b46679ed4530b8474f72f7095`
SHA1	`9484db233e58523df56131d624653d37b1727d7c`
SHA256	`e7ac2f2750f72dd0ea17aa79fd0f6f910a6a4ef8101bc8d84c09712d5487bf19`
CRC32	`20D0071B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1bdc1d8b2ab2bbb9_lesbian [free] .mpeg.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\lesbian [free] .mpeg.exe
Size	1.5MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`be7695e1056af7984e0f950c84151541`
SHA1	`a324710dacef74e853dd526dcb9116f308736ecf`
SHA256	`1bdc1d8b2ab2bbb940c3984e10e8b3d79edb665935a96432689a1c7eae1b2547`
CRC32	`5F48FF2A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e09d5c73b27eed0c_beast voyeur feet penetration .zip.exe
Filepath	C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\beast voyeur feet penetration .zip.exe
Size	1.2MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e53def826d710c92463d542a7cc1754d`
SHA1	`ce3e6f53d08f88aef63636b9577434da7305c228`
SHA256	`e09d5c73b27eed0cb8dda469226dd2f3be90ab804b0bfdca86d1f7b142731dea`
CRC32	`F3FA7156`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8ab4190b40a52a9d_swedish kicking horse sleeping .avi.exe
Filepath	C:\Windows\Temp\swedish kicking horse sleeping .avi.exe
Size	1.1MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`02b4d345ffb6f3cb69f9f37f3354e2ae`
SHA1	`b8d2ad43f0083fac791b20274c6f0ba1065a66e6`
SHA256	`8ab4190b40a52a9db1d56a9ff178d1f9ca9d673924aa76de394bee072b17e312`
CRC32	`B7D33F4F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	686ab6aa319309cc_russian porn blowjob uncut feet hairy .rar.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\russian porn blowjob uncut feet hairy .rar.exe
Size	1.9MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`171e13750d0d0a445becd1e009eda062`
SHA1	`37ae989b23f1c062c167e6c6ed69d65791a84af2`
SHA256	`686ab6aa319309cce594db737d0c218371bc38c5ef63e9b57926344f7ef4d5a1`
CRC32	`E6118B94`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	deee75b01917228a_xxx sleeping (sarah).mpeg.exe
Filepath	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx sleeping (Sarah).mpeg.exe
Size	394.0KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eed73b212a704d658096fa8486632fee`
SHA1	`176d421aaa45c3de28a3cfa8b218ba99cc4cd81d`
SHA256	`deee75b01917228a4cf7824180ec40cf919d67b2acd79eb2ed83e233d6040637`
CRC32	`079C5928`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3a3250493da13eb5_indian handjob horse [free] ejaculation .avi.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian handjob horse [free] ejaculation .avi.exe
Size	1.2MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1010ee5aa9c426c40a882d2829823789`
SHA1	`d6b33a7972101e2de24ce08eeb4b8e0b71c66f97`
SHA256	`3a3250493da13eb57e865010ba2ed8cbc2f4235749161725d9787fb0a6b690cf`
CRC32	`A2486DDD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9eb8ad797e2b917a_hardcore masturbation .avi.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\hardcore masturbation .avi.exe
Size	395.7KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`71e89eabbc2358d455cf1373233905e5`
SHA1	`71e3bb21e90233696a530d76bbacd7c86e195f16`
SHA256	`9eb8ad797e2b917a494c450cdfbc05207d3f1c9957988104ce87c54ced5e48c0`
CRC32	`1EDAFDAD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	863fa56ff63d6560_danish gang bang lingerie licking (samantha).mpg.exe
Filepath	C:\Program Files\Windows Journal\Templates\danish gang bang lingerie licking (Samantha).mpg.exe
Size	1.5MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b0c053bf0483661e075d345d811537fd`
SHA1	`6083bcc29bf0193d500a02a1b456ffd4fb9ae557`
SHA256	`863fa56ff63d65600a1901c4ca29c9857a8c9c7bfe3ca89d7954d5863e4bbdbd`
CRC32	`62A92399`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	78a7741f4f66faa1_swedish cumshot horse [free] hole lady .zip.exe
Filepath	C:\Windows\security\templates\swedish cumshot horse [free] hole lady .zip.exe
Size	1.9MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6d09b2ed313ac82eda35aeeccb2eb5a0`
SHA1	`2c06fadb8f364772a76d26889094c2e0cfc0cda1`
SHA256	`78a7741f4f66faa15f70a769371bd3bfe1865c42455d66a9b6702fc1dcc52d7d`
CRC32	`88291D9E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cccbca1c184a9fa8_lingerie hidden femdom .rar.exe
Filepath	C:\Windows\assembly\temp\lingerie hidden femdom .rar.exe
Size	128.8KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3509cc5db4ccd2416f0baf68c9594c5d`
SHA1	`2f1ea509595f77ce3396fbced02ccc77d4cb41a0`
SHA256	`cccbca1c184a9fa8a0394af83890d2d1f46f276a73ffa6b0524a5175a9d45447`
CRC32	`BE713D36`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	93dd61bf067f8cea_russian horse sperm catfight castration .mpg.exe
Filepath	C:\ProgramData\Microsoft\Network\Downloader\russian horse sperm catfight castration .mpg.exe
Size	1.2MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0845540d5bd3f42188e83675271bc389`
SHA1	`d204c891e9aaadceacd53dee809a6dbfed8f647b`
SHA256	`93dd61bf067f8cea69383b77b595b7413619569df8db98c7b8391c2e576c5d1c`
CRC32	`AB0390F4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	802e6ba25faea086_gay big penetration .mpeg.exe
Filepath	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay big penetration .mpeg.exe
Size	1011.6KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`57d0150a00ac78e3774047e5a3f0bfe1`
SHA1	`42e5a637a1038f65d2e4dc0806aa3d0d9d982af5`
SHA256	`802e6ba25faea0860f62848ec4f0d406fe7652ad480ee4711ee8914ecf7e1cd3`
CRC32	`4D203132`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a91518087fd75dc9_horse several models circumcision (sandy,tatjana).rar.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse several models circumcision (Sandy,Tatjana).rar.exe
Size	2.0MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5afe62a6ce0cabe0f7fcc3d517334775`
SHA1	`2cb18fe9e5865b1989e05e3cd3e79192e62e2899`
SHA256	`a91518087fd75dc95b750316d1fab3e731f027cbf386bc3217a96bde8d41235b`
CRC32	`0F4F91B5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	60591c5009ab2f01_bukkake sleeping titts sweet .mpeg.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\bukkake sleeping titts sweet .mpeg.exe
Size	208.2KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bd615b82034dda8430e753a98012be10`
SHA1	`abf935cac6ab5417c8dad6bfb9361e187c5d48df`
SHA256	`60591c5009ab2f015486cf3cb4d369053de5803a835c25a7ce222262f872ae10`
CRC32	`6E150A46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8c8e4e25caeb54e1_japanese cum lingerie [bangbus] .mpeg.exe
Filepath	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese cum lingerie [bangbus] .mpeg.exe
Size	651.2KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2b60e5fbcf9cf604252f15d425f73e9a`
SHA1	`86656188c2b488f7cb9d03f569bb2ac4a0676cde`
SHA256	`8c8e4e25caeb54e1289018821603db9b9553b8e45369802583414761857cf66e`
CRC32	`D50370AF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd83a163abc09f5c_tyrkish fetish blowjob hidden .rar.exe
Filepath	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish fetish blowjob hidden .rar.exe
Size	1.9MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6a2b90d79b41930348fb0c716ede1c17`
SHA1	`80669b9a04420526d7fcac098b3aaa59e1714afd`
SHA256	`bd83a163abc09f5cde437e46a7fc6eec0b82f2ed8bbd5ca2dd224a9aae218d28`
CRC32	`6D6CAD26`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c8873868ce4767ea_trambling full movie blondie .avi.exe
Filepath	C:\Windows\Downloaded Program Files\trambling full movie blondie .avi.exe
Size	197.7KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`966b4cf3bbadd6a9bfb0a7bfa557bdab`
SHA1	`519f6301765d26d0e50ee2312ee066d852050535`
SHA256	`c8873868ce4767eae852b95b704fb49f78a76d34efc3434c01d1f4a5ca060dcb`
CRC32	`087B5288`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6b1e50a3a10b79dc_sperm catfight beautyfull (britney,sylvia).mpg.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\sperm catfight beautyfull (Britney,Sylvia).mpg.exe
Size	1.5MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e3a5e71a98268801516fb877cd211a49`
SHA1	`d1b77f4a760e02eea2507b30b78709c95e718529`
SHA256	`6b1e50a3a10b79dce7f60853cf1d0c77f630d6499b0645fe41b59ab7f16065b6`
CRC32	`D7651610`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a67025aec27c9fc6_danish kicking lesbian lesbian feet shower .zip.exe
Filepath	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish kicking lesbian lesbian feet shower .zip.exe
Size	850.4KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eadb39808484bafd3eeac49e0b354fcc`
SHA1	`ba09f121724a47805bf88c335de9b0bc7295709c`
SHA256	`a67025aec27c9fc61b701193af55d92e2d8ede42de4a384df7957bf23134b539`
CRC32	`4CDD0860`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9439977a9f1cf956_brasilian nude fucking [free] girly (christine,liz).zip.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian nude fucking [free] girly (Christine,Liz).zip.exe
Size	680.1KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`260698d3f3c19ae0532512d8756bc9b9`
SHA1	`6577604ec7a5ee13d64811839f8d77f9d0629d8c`
SHA256	`9439977a9f1cf956590d197d5e37b764db71d10240a856e42e16c894d017ea8b`
CRC32	`7BAC08A8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7afdf94542428f39_russian cum trambling full movie titts high heels (curtney).rar.exe
Filepath	C:\Windows\SoftwareDistribution\Download\russian cum trambling full movie titts high heels (Curtney).rar.exe
Size	348.8KB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3e8b06ad349df35aaec4c27ba7b1729a`
SHA1	`a42558d8a30a332ffdf085851432f67e7aa84f35`
SHA256	`7afdf94542428f396948c0e262c83c9c95e77cd9a3eb71159ae4b9c017dbd496`
CRC32	`145A141B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d46993e0c8c181eb_brasilian cum gay full movie bondage .mpeg.exe
Filepath	C:\Users\Administrator\Downloads\brasilian cum gay full movie bondage .mpeg.exe
Size	1.1MB
Processes	2400 (034f5b6e3fe65e0d89b4fbe85fe65fe7b0e2224a2c5186aa792299dc5d476a3c.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4e1698bbf6e3750168c17bcd1443eaf3`
SHA1	`0d00449f89b86c3adf99469241ae2f69d952ae05`
SHA256	`d46993e0c8c181eb3c102b360e6b9c21fad4da195ad2a9c1458e8708d4b66ef2`
CRC32	`B272A9D2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.