SmartHawk

3.6

中危

58 个模型检测该样本为恶意！

重新分析

下载样本

0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459

0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe

分析耗时

74s

最近分析

397天前

文件大小

178.1KB

静态报毒动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WINSXSBOT 更多 WIN32 TROJAN WORM

DACN 0.14

FACILE 1.00

IMCLNet 0.70

MFGraph 0.00

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.05s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.03s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.70	Unknown	0.19s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:Malware-gen	20200612	18.4.3895.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (D)	20190702	1.0
Kingsoft	None	20200613	2013.8.14.323
McAfee	GenericRXKN-BX!9731F18FF5E7	20200613	6.0.6.653
Tencent	Malware.Win32.Gencirc.10ba42d4	20200613	1.0.0.1

查询计算机名称 (6 个事件)

Time & API	Arguments	Status	Return
1727545320.84375 GetComputerNameA	computer_name: TU-PC	success	1
1727545320.84375 GetComputerNameA	computer_name: TU-PC	success	1
1727545320.85975 GetComputerNameA	computer_name: TU-PC	success	1
1727545320.85975 GetComputerNameW	computer_name: TU-PC	success	1
1727545323.10975 GetComputerNameA	computer_name: TU-PC	success	1
1727545323.12475 GetComputerNameA	computer_name: TU-PC	success	1

可执行文件包含未知的 PE 段名称，可能指示打包器（可能是误报） (3 个事件)

section	.jxmnr
section	.lpkez
section	.g

一个进程试图延迟分析任务。 (1 个事件)

description

0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe 试图睡眠 591.068 秒，实际延迟分析时间 591.068 秒

在文件系统上创建可执行文件 (50 out of 77 个事件)

file	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\horse sleeping cock boots (Curtney).mpg.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\hardcore voyeur (Samantha).mpg.exe
file	C:\Users\tu\Templates\danish nude bukkake hidden feet .avi.exe
file	C:\Users\Default\Downloads\danish beastiality hardcore sleeping (Sarah).rar.exe
file	C:\Users\tu\AppData\Local\Temp\blowjob full movie ejaculation (Sonja,Sylvia).mpeg.exe
file	C:\Windows\SoftwareDistribution\Download\beast masturbation swallow .mpeg.exe
file	C:\Users\Administrator\Downloads\american horse gay sleeping balls (Christine,Sarah).avi.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish gang bang lingerie sleeping sweet .mpg.exe
file	C:\Windows\Downloaded Program Files\fucking big titts mature .rar.exe
file	C:\Users\Default\Templates\russian beastiality fucking full movie hole girly .mpg.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cum hardcore sleeping (Janette).mpg.exe
file	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish cum trambling full movie wifey .mpg.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse girls glans .rar.exe
file	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish gang bang lingerie [free] hole girly .mpeg.exe
file	C:\Windows\assembly\tmp\fucking licking .zip.exe
file	C:\Windows\SysWOW64\FxsTmp\trambling sleeping feet .rar.exe
file	C:\Windows\System32\IME\shared\russian action trambling licking feet mature .mpeg.exe
file	C:\Windows\SysWOW64\IME\shared\swedish action hardcore hot (!) glans granny (Curtney).rar.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\danish cumshot bukkake voyeur swallow (Ashley,Jade).rar.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\beast sleeping titts .mpg.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish animal fucking [free] feet 40+ (Sarah).zip.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\russian beastiality trambling hidden bedroom .avi.exe
file	C:\Program Files\DVD Maker\Shared\lingerie sleeping hole femdom .mpeg.exe
file	C:\Users\tu\AppData\Local\Temporary Internet Files\swedish kicking bukkake voyeur (Sarah).rar.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\bukkake licking (Sylvia).mpeg.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\indian nude gay hidden .zip.exe
file	C:\Users\All Users\Microsoft\RAC\Temp\danish kicking fucking masturbation bondage .rar.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\tyrkish horse trambling hot (!) .rar.exe
file	C:\Program Files\Common Files\Microsoft Shared\brasilian nude lingerie public hole beautyfull .mpeg.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling big penetration .avi.exe
file	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob big .mpg.exe
file	C:\Windows\mssrv.exe
file	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cumshot xxx [bangbus] .rar.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian handjob xxx full movie .mpg.exe
file	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian animal horse licking bondage .rar.exe
file	C:\Windows\ServiceProfiles\NetworkService\Downloads\xxx uncut latex (Ashley,Curtney).avi.exe
file	C:\Users\All Users\Templates\brasilian horse blowjob girls .zip.exe
file	C:\Windows\assembly\temp\indian horse lesbian public wifey (Christine,Jade).mpeg.exe
file	C:\Program Files\Windows Journal\Templates\danish cumshot sperm [bangbus] traffic .mpg.exe
file	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\swedish kicking lingerie [free] ash .mpg.exe
file	C:\Users\Administrator\AppData\Local\Temp\brasilian fetish lingerie full movie hole mistress .mpeg.exe
file	C:\Users\Default\AppData\Local\Temporary Internet Files\lingerie licking (Curtney).mpeg.exe
file	C:\Users\Public\Downloads\hardcore licking (Janette).avi.exe
file	C:\Users\tu\Downloads\swedish nude lesbian licking titts sweet (Jade).mpg.exe
file	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling [bangbus] boots (Christine,Janette).rar.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\beast sleeping titts lady .rar.exe
file	C:\Users\All Users\Microsoft\Network\Downloader\black animal blowjob voyeur (Curtney).avi.exe
file	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\indian animal gay hidden (Curtney).mpeg.exe
file	C:\Windows\ServiceProfiles\LocalService\Downloads\hardcore sleeping hairy .avi.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\lesbian uncut feet .avi.exe

将可执行文件投放到用户的 AppData 文件夹 (20 个事件)

file	C:\Users\Default\AppData\Local\Temp\japanese fetish xxx licking ejaculation .avi.exe
file	C:\Users\tu\AppData\Local\Temp\blowjob full movie ejaculation (Sonja,Sylvia).mpeg.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\beast sleeping titts lady .rar.exe
file	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\swedish kicking lingerie [free] ash .mpg.exe
file	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\indian animal gay hidden (Curtney).mpeg.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian hot (!) titts balls .zip.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish kicking hardcore masturbation fishy .mpg.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\tyrkish horse trambling hot (!) .rar.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie licking (Curtney).mpeg.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\lesbian catfight titts penetration .rar.exe
file	C:\Users\Administrator\AppData\Local\Temp\brasilian fetish lingerie full movie hole mistress .mpeg.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish kicking bukkake voyeur (Sarah).rar.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\russian beastiality fucking full movie hole girly .mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\american cumshot fucking masturbation hole ash (Jade).avi.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\danish nude bukkake hidden feet .avi.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\american gang bang hardcore voyeur hole .mpg.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob big .rar.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian handjob xxx hidden 50+ (Jenna,Melissa).rar.exe
file	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\horse sleeping cock boots (Curtney).mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\indian nude gay hidden .zip.exe

该二进制文件可能包含加密或压缩数据，表明使用了打包工具 (2 个事件)

section

{'name': 'UPX1', 'virtual_address': '0x00012000', 'virtual_size': '0x00009000', 'size_of_data': '0x00009200', 'entropy': 7.7228958156896965}

entropy

7.7228958156896965

description

发现高熵的节

entropy

0.33031674208144796

description

此PE文件的整体熵值较高

重复搜索未找到的进程，您可能希望在分析期间运行一个网络浏览器 (50 out of 84 个事件)

Time & API	Arguments	Status
1727545294.46875 Process32NextW	snapshot_handle: 0x00000128 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 616	failed
1727545296.87475 Process32NextW	snapshot_handle: 0x00000284 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 2228	failed
1727545299.10975 Process32NextW	snapshot_handle: 0x00000274 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545301.12475 Process32NextW	snapshot_handle: 0x000002a4 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545303.14075 Process32NextW	snapshot_handle: 0x000002d0 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545305.15675 Process32NextW	snapshot_handle: 0x0000024c process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545307.15675 Process32NextW	snapshot_handle: 0x00000274 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545309.15675 Process32NextW	snapshot_handle: 0x00000274 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545311.15675 Process32NextW	snapshot_handle: 0x000002c4 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545313.15675 Process32NextW	snapshot_handle: 0x000002c4 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545315.15675 Process32NextW	snapshot_handle: 0x00000264 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545317.17175 Process32NextW	snapshot_handle: 0x00000264 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545319.18775 Process32NextW	snapshot_handle: 0x00000274 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545321.18775 Process32NextW	snapshot_handle: 0x00000258 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545323.18775 Process32NextW	snapshot_handle: 0x00000350 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545325.18775 Process32NextW	snapshot_handle: 0x00000350 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545327.18775 Process32NextW	snapshot_handle: 0x00000350 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545329.18775 Process32NextW	snapshot_handle: 0x00000350 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545331.18775 Process32NextW	snapshot_handle: 0x00000350 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545333.18775 Process32NextW	snapshot_handle: 0x00000350 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545335.18775 Process32NextW	snapshot_handle: 0x00000354 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545337.18775 Process32NextW	snapshot_handle: 0x00000354 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545339.18775 Process32NextW	snapshot_handle: 0x00000354 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545341.18775 Process32NextW	snapshot_handle: 0x00000370 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545343.18775 Process32NextW	snapshot_handle: 0x00000370 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545345.18775 Process32NextW	snapshot_handle: 0x00000368 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545347.18775 Process32NextW	snapshot_handle: 0x0000036c process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545349.18775 Process32NextW	snapshot_handle: 0x0000036c process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545351.18775 Process32NextW	snapshot_handle: 0x00000370 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545296.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545298.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545300.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545302.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545304.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545306.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545308.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545310.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545312.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545314.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545316.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545318.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545320.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545322.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545324.9375 Process32NextW	snapshot_handle: 0x00000118 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545326.9375 Process32NextW	snapshot_handle: 0x00000120 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545328.9375 Process32NextW	snapshot_handle: 0x00000120 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545330.9375 Process32NextW	snapshot_handle: 0x00000120 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545332.9375 Process32NextW	snapshot_handle: 0x00000120 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545334.9375 Process32NextW	snapshot_handle: 0x00000120 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed
1727545336.9375 Process32NextW	snapshot_handle: 0x00000120 process_name: 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe process_identifier: 1988	failed

可执行文件使用UPX压缩 (2 个事件)

section	UPX1				description	节名称指示UPX
section	UPX2				description	节名称指示UPX

与未执行 DNS 查询的主机进行通信 (5 个事件)

host	114.114.114.114
host	8.8.8.8
host	3.94.248.38
host	71.162.157.28
host	58.152.113.91

枚举服务，可能用于反虚拟化 (50 out of 4572 个事件)

Time & API	Arguments	Status
1727545292.48475 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.48475 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.48475 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.48475 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.48475 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.48475 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.48475 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.49975 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.51575 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.53175 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.54675 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.54675 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed
1727545292.54675 EnumServicesStatusA	service_handle: 0x0088ca80 service_type: 48 service_status: 1	failed

在 Windows 启动时自我安装以实现自动运行 (1 个事件)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32

reg_value

C:\Windows\mssrv.exeÿ¾:2ÿÜ::8`-l[w`-2n8x0ÄèúîÍø;z8ûxÿÍ_w!Q%þÿÿÿz8[wr4[wx0nop00ü¿évx0Ã@\ýÜÞx0Øþâ@

创建已知的 WinSxsBot/Sfone Worm 文件、注册表项和/或互斥体 (1 个事件)

mutex

mutex666

生成一些 ICMP 流量

文件已被 VirusTotal 上 58 个反病毒引擎识别为恶意 (50 out of 58 个事件)

ALYac	Generic.Malware.SP!V!Pk!prn.04F4CB21
APEX	Malicious
AVG	Win32:Malware-gen
Acronis	suspicious
Ad-Aware	Generic.Malware.SP!V!Pk!prn.04F4CB21
AhnLab-V3	Worm/Win32.Agent.R336787
Antiy-AVL	Worm/Win32.Agent.cp
Arcabit	Generic.Malware.SP!V!Pk!prn.04F4CB21
Avast	Win32:Malware-gen
Avira	TR/Dropper.Gen
BitDefender	Generic.Malware.SP!V!Pk!prn.04F4CB21
BitDefenderTheta	AI:Packer.299F44D11E
Bkav	W32.HfsAutoB.
ClamAV	Win.Worm.SillyWNSE-7784290-0
Comodo	Worm.Win32.Agent.CP@42tt
CrowdStrike	win/malicious_confidence_100% (D)
Cybereason	malicious.ff5e7a
Cylance	Unsafe
Cynet	Malicious (score: 100)
Cyren	W32/Sfone.A.gen!Eldorado
DrWeb	Win32.HLLW.Siggen.1607
ESET-NOD32	a variant of Win32/Agent.CP
Emsisoft	Generic.Malware.SP!V!Pk!prn.04F4CB21 (B)
Endgame	malicious (high confidence)
F-Prot	W32/Sfone.A.gen!Eldorado
F-Secure	Trojan.TR/Dropper.Gen
FireEye	Generic.mg.9731f18ff5e7aa79
Fortinet	W32/Agent.CP!worm
GData	Generic.Malware.SP!V!Pk!prn.04F4CB21
Ikarus	Worm.Win32.Agent
Invincea	heuristic
Jiangmin	Worm.Agent.ws
K7AntiVirus	Trojan ( 0051918e1 )
K7GW	Trojan ( 0051918e1 )
Kaspersky	Worm.Win32.Agent.cp
MAX	malware (ai score=82)
Malwarebytes	Trojan.MalPack.PES
McAfee	GenericRXKN-BX!9731F18FF5E7
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
MicroWorld-eScan	Generic.Malware.SP!V!Pk!prn.04F4CB21
Microsoft	Worm:Win32/Sfone
NANO-Antivirus	Trojan.Win32.Agent.hakuu
Panda	Generic Suspicious
Qihoo-360	HEUR/QVM18.1.DF39.Malware.Gen
Rising	Worm.Agent!1.BDD2 (RDMK:cmRtazrQAGsQ9vgWTFGwfYTzc4SL)
Sangfor	Malware
SentinelOne	DFI - Malicious PE
Sophos	Troj/Agent-AGQR
Symantec	W32.SillyWNSE
Tencent	Malware.Win32.Gencirc.10ba42d4

288x288

224x224

192x192

160x160

128x128

96x96

64x64

32x32

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2006-03-03 01:50:37

PE Imphash

bc5994e55cbe4fadd0cc6ce15d753e0a

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.jxmnr	0x00001000	0x00011000	0x00011200	4.8945685549579565
UPX1	0x00012000	0x00009000	0x00009200	7.7228958156896965
UPX2	0x0001b000	0x00001000	0x00001200	0.7017545132594376
.lpkez	0x0001c000	0x00001000	0x00000200	3.9638687291035044
.g	0x0001d000	0x00001000	0x00000200	0.5960600373116879

Imports

Library ADVAPI32.dll:

• 0x41b08c RegCloseKey

Library KERNEL32.DLL:

• 0x41b094 LoadLibraryA

• 0x41b098 ExitProcess

• 0x41b09c GetProcAddress

• 0x41b0a0 VirtualProtect

Library MPR.dll:

• 0x41b0a8 WNetOpenEnumA

Library SHELL32.dll:

• 0x41b0b0 ShellExecuteA

Library USER32.dll:

• 0x41b0b8 EnumWindows

Library WS2_32.dll:

• 0x41b0c0 gethostbyaddr

->zU?C1.*ph
.jxmnr
.lpkez
MnwPGuK@A}
7{E^`N
jP}YoH3?
.3D wL
-@H]X?
Ur`qe!
m[FSR`$#y
a\e5co
=LKOtR
]Z R0Ge0
ggBR!'$(%duD'b
*i+h [h]
Qt@\ZDDGK
]I#[f!BTZ)=P1ZLM]\U\v+&+
;l?Y7cRf
^pS&_h4!&A9r
jXZGD;HT{
M)N^WMVh>d
XGwpM>;}H
!j.([xQ
%`]!*'W1
T.m1QGNm'
[X/>Y!
govNZ81
s)tIKt
`82p3Wi#\:
?t>Yoe2[R-I-(\
'MRr/ES
2fuv|r!l
> YV #
YN 5%vf+
@`>=j:<$f
|jW3?S]
^nTEJs
[RPk|.=}Qi$cyYL
.W\rz!(N.Ab!x<]
^'~?(#P
ou80y\\=
IT:b"L
o3RjC+MS
bpFhMV
mdxjSkVk
O!DH!w
a6wv)M1
BMT@y83tV,L
xUD;OvtW?
qw|0*aM
5;-bvI`
./ksF6x
}J@}Ylc`Y
DV4WEfH
["RN,vS>^6} N
)@>2La&->U
IYbI).A[o
)%cBp"
f1Y7RH
U!2[7|f
vNtc{y3\
W>qshVU
 7d"5Vwq'A
oaG,*
L1XGq6r6lZPc
T7YNI].-yB
p:AY8M
COtZq1
Aq#|EA
Inh[7P
";hTz7L
WF"!lO
A0Nc,c
CE}y`5VVQ
o:Y[J}:&gb
4^fd;y
XtnpiwP:g
:4n-G<
Z 1lOJ
fYYzFIcH z.
z=Z$7P
zBCAfP
%JPb"I/ww(
mt@=u#M'JTI
&X^IL=v"y
[7]ra,}5U
X\534V
,GrR>8g%C8
,BD4q#x
Yi\)~U
hwqE".
n-1#2 k
_Iw3N$
5J?c] ||3VzQKe]
^uKkSd)Y/g
 Wdt'h;
x~L`MOG)A)B
336P^\1~s\G
;M'pO3
tS3%2/z~e=HW\}
O-Wg9aK
3*+&)Um
wj)WU?0 
6gWjq<".
Gz1LGtx
0`t]lb\
-%V"wz}zg|D
r\lwGF2$n
,P<`.9
/(`_s4&&4Gecs
~aw%"VO2x<#*R/t1
B|qWre(4>'
!_nY1Jg0
fa>j!?
cI6a/p
V\f-1rJA
ZZrzM_AeI8y`
Z&BR@'
OCQ%oPRmGizKTG;mt0
BrauYlP
?:kRz'R'
j#??6Zp
),)HUl
:z"[r&B$
Q\8Gwm[v2djdyB
^b*)C?K^
F1ZW_-x
KembR+
:W,Y2E_
i1!2&z
e95/W@>
00L!=W0
?Q~BUQ7ZQ
^>9]nr
[V<m`~
=_U,h`>
'HBIY$6+28)5##1OXW
l/{Fku
pioJ%JS--J
;]N%+%
i>lyS
R:'9g g
AAI<[QNDGR
C0*::}<(VKS
#n1^PT
D?9sU)
~{m5-apB\J@l
*"'p5Z[_
^}b#w[
2}F#WIa
`ua8j-
yH=1qgzl
h3YE/8
AbJk6]
pJS?9:#f/
hhrolyfRoL#R6l7~O"
FGt3pYYs
qT;UA6
t&#~HgJt(}
g~G.gY
]+R$8"{
GQqp+4sCq
))Oq([iP
`$|.w;
i^Rr~q0?
&_r70#
1 Yf`@jANqF
^&yV4uSs
;Z.23)Jy)3%]FX
m8GktKuF))d
LQe1S*|
_+p Rsd
WXU:3by
Y5{=hWtBr
;X7@ZE<(w/A
G[h#>X
i7#Ozu
pEC"\)j<9jEz
_-hRB5
>MJ#z_0>z
'MdtE5
s1\%F}-YkH}y
yX9r/z
mt?[)m
.&Mw3O
uG32f]
7z5s).
.Uh;Q]
/Tpab1
!e^D"HyR
T&'`G
3mtWpS
1A`9"2
+ZqoP*
ED`#bJ<
^;<];y
4Y =@p[&7Y
_~sw6w)~ 
)WTo!~
KX/fn()6P[\
spTW|y
M1)ADB_uf`=zi
/{v.>mN
.EyY(PP
s>9yaY7eV1
5maiy/
B2yAiZ
!Z1'_:
 274bY}D2
5M}g$O
|wu47}Y
6n+xbJ
?~|2f+#fP\`M*YE
1gN0DN
k~82E#1
f~2`HrE5-
Z YhZu>u+\2o33&H
p]HY*An
|{R_8+
qM?yk:^3:Vsw4
Y'P `L>
np49unH,
GXjqo=\E
!sT)L uP8
!@m<|@Pu9S
-bBBFU
v[ncH3
Ok#)o),|
)O2=5Y_
_~8KNWN
9Mf;H5HYTH96
"[n3xQ(*z
6@TM26Uy
D+'^w}
LlTe[k(Q@|LLk
V/V>LR
21PA;63|
Is'(Ga
+E]at
mJSjCn
Wq5qPj!
M>$n1Q
Dm\[Kqq=
={ [),-
b9nbkejx"KQ2R&Z
[W"EosjM
8bfzyT
Kb'~c#aM
Fe]:CQ
8Z!Q7c
5NTl@P3
{:AV[L\k@7
Q(gFs#j
<'r(Uh/):|^o^
'{@K G
ELwt+t%
}40%yO
iow>M|c@d
aH_uI!
?UR1f~
WlhH4#l
;eS_*c9`%
Z#A"[yU]8&
>hJ(kk
[glE_YM<[
bfE5b5
k^}ExJHM
G|H,4>H=[C2xONI
6FA3;e
`:F2=.f~
Atc5/[n
|0~PCYAq
":hDF `=Mfl_B
vg^V7vg
vzg}&+_$%m/riv6
*B~%mt2#XU(
QK/*cF
/d:1N(mi*
`G{a|$pvs6C]
kMClJ)B
dFWu%eDVd0!Oug
ES[Lmy
Fw{AUSqu,OG
-M7@;)&F
D*[g9<)NSO
uw6&/3O
VO*E'|9>
E5_(Dy
-}#K5g
.l\9XX7
"g@|(QURTEL
(hXJUPEy#[
c"$alu
TT>z&;WUl
]Sn_sm(~dcYawm
f7`7%q)Os
UEqP&|*yDQ?fu|
RplX]P
Ab4uzHnL)D
ygJF6u
GgYJ|mP
 $yERJ@k
7W@_)s
B>Qf6oeP!
5,KwA`K
nJ_[zTz,B.W s&
='G$/V3:
d:R?6<q;
|t-WOO
H_*a6d
K d{ 5wqaq/
~Aa)}]Mp|Vl
7j6~"C
'P&{w2r4
<?-?1]
%!*>(E
A# uzUG
QLm,dn~Q
S^T*Br}6O4MTP
DP?%H6m#
cf8uT>-=`
CD]] 0
BUrX6QFK6
:=jyn[X
>qFD=IL3dA
%iYr;i`U
Bh.v<cssU
R hw'U
9(P&4)v
!XNOx!M7
2QBqm]]
w3Qp*]
&sqL/R
S4W2J{;%?[9
bykTb.
2A0dY.gMmj
`H?[Zw
/tl~|x
Cq*%0Zo 8F
an CnMUY
LgP)a:
ZEGd@L#
h!U)-9
L?LY#WMZ
mr+fr~
D1:|six*
\t~M22bPGq^T
S/:s}PB7~z_
K_vPa"
x\S%+\
Z>2l&O_
[&nA7|'I
&)/ GYwKYlw
L00JU;
dA1UvY
YHa.eKnd1O9
:K|sIAo
lO=qnS
VtxhZE
>7[Y:`7
ztd>;_
RU9~:T
/w-/Cu]O2Q
YH#K=81
l:.%J*
DsjpM!.:tw6N
;\LnM>f\
8u1| ['AAG^ lG
hE-rWc%
g'CuHB
4M# ?~XC
U'x`rTH^5
q6+iiNj
pu_FoO_)Z
!2Po8C\Bz"F!\O
(yTk,9Wb\R
`W *S>
/q&!dj6
1=g|Nr
9Vm"z^Ky
p:/e)M
,@.&#aZM
"3/"t,D
/2n@"x
sVr! N
:y8j/KM}
M9+v1U%
JkZ4JmN|Ue
lM00]T2#V
LmE]_OB
2i:~x0
yDS+Kr
";!)R}N
9_/G h$ |_jU%;r
V;9=W+Ng{
/l'RoXA~js8
qgQmt HAY*)I{$xN~
H`b8UvA9
9|~6^ZMR$y
]Q| ajP
U6/]$i
%ujTBG/`P
-T2?2=ZK; GE
>8<(6ag/ImQs
j}v@h'
Lkx:X1@\
,o'd]X
Org8Ap3
/8#nQ[
j.%eDk$o
?!5@2E
C+02cd
y0Go*=&aZ0m#
q&%C0z: 
Lf#A`Pw
0HmLtm
)yOS3d-<
X`SP$^
&H&#l@t7.dl0>
.O=I:"c
562:Qq
9F<(d<
s%249XA5`;
V2^'~c
5Wq Y'
5bcl8:z
~3-[8K\$c
@[H~0 }s
R2'X]J
$53Wws
D1e*xsE1;$5BP
Y_w{!
Tg<p>T)k
gX~@3Ne
wRIJNZ
F03EtToso2{p,GHa
1wCq%iz I|
P]he{Z
*sH)c#;e>=
Z8Es0/
,zMrV!?u
k#8"="
|S'hUe4> :
KnR%1z+Qy|_g
=d"I6* r"PJ}TI
$<"@>a
ae7\nVi
_o:Z4?
VPGF%Kg`QO
VtkV!*
+}-8h,A>Q
>M'q^c_0;m
Gd9{5j
+}p=P~@
;SOjkz
iI%&eXFshLr"
F=TE%/
.5M~uU^MU$c}k
syZ_7S+eDRtz
Urq-yzffhI/
:kOn[e)
p./mj&;y
crHy<o.
6/1ba>K
I\z^4tD`"aE9L
4Smlu+B+
J%G^>/7
yu`Rv!l9;
`'q%gCZf|
?FcMq.>a.7Ob/YkA
.sP)"BwL
&s$-`N
Ay>49T
4<>kW|_Q^F>
tZ[6`L}53_
Wq Ft~
Ai(r&)!=
u%trVjc1
3E,6Q\$7
tT}"<r
=9TW +qA
'(6FB6
N#MT"z4U
U> 6IK
%leb.W
IgXuQ$OiYq
m.'UM;oKnrP]
m%=,_/0:0C
yE~& .
Dj<@DZ#
:J]Rlg{Z
T=]14!@
VkkFT
Hw>95ve
('J%<s
Sk`LbpI./i
IWWUR34~-
M4KHJH
8Hxdtne%
~srH="=g
,+%>Y ^)YS-yz+
IL#s\x k
PDYC3\
T<c-6>L"}g}
8}!9Ea
5)R&+D
&O^8A_
,^_w\+#7I7
j@y%zLI4
iT,qlK
h~53FcX/ZQycp
~|(=z|
6Y-.qW
w4w3dw
(RI{a"j,Wa
*Nrp2#rQ~U
~ZI. ?x
"?RgLFrrMtBk2u
PPSBu%q
"AfT3S
cu=c.7[n
$M?vMe
+d!Y)B
6T7Ig(
jC7;I\
 oIV!Zd
<@D5\o/
6bg9Q1z
eZC}_%
Sy5jPAww+
k8^<z4R|PQ
8,AKO,
bhnt7i(}ENj
FON}t j.Vr]
]uZ'{gJ
+X_)xUf
e'9S]xwm:
LU`]i:'
6d:Z`
050ad+
./^0VKAI
cJlc^S:
Oh,>4!
Pg[@[Y7
-A&'\6xG&
P(}%Pw
rY,Pou:)7D9;OS
{E0yLKA^7+
I,}CE|y
>2w79.}8n{/q.
 2I/|n
d':%T%m%
r2!AMg
i^Q-KB#
+&0/"7dj
a,I&e7
V)q8h9
<rlJxL
uW^,75"lQcr@u
<$L"_*
,bRl<r]xP6hu#w
3djFy\
j"r9Q)]R5g}*]
<gN"I>]g
2dH!Xt,
zd'3CIeKg
f4oR&E^
f!"M.e0!2lq_%#0/"WE%$A'h.
I>cF?,
QNH/yJF3I
[@W*%6":}
qv;8X)-1gJ(
Zv$Lq$
5P7=CQG}
n6)v -
gj/.]VV'T;G
P>P!*z
&/"21J
1a#0:e:
W6u_G*
iH kjw
2)zjMeei
?hV*Z*
:sNmW
KC`ND^jo
(BA~U/Y/
4;9fLM"KlJ
.C(X-q
.xb``|-
C)KkoG
KA?a-v
|Jza|YP.%aS
LYA8nPOmK1<=
m>x2Bei
#iRi0*
C- 47h8;
$)w:A-^
F]/Up1
\J!_*hn,+cdt!'n
-IgX,~y^
WR{=loU
1>\C7C
eN!'0"n
q|>q+6
L3I#\FI
lK;e>ls]@w9mXe>~QF
i2:IB,: 
^ynh*b
?!?P7}
H*'td"V
-_IpV;
QA-WXql
$-E!Q@
awoBr\
Vl<5@@
VJv%$(h&L-7Lc
rS<bx,U
b3DlUF yT~
|L_web`Z
|=Kmxd
srVDoRi5y%X>1p-<x7~>feH
Ni$&IdB/n:
c&"!nOk
"jEmC!
x6DIYK%+
2E"8/"K"d=hx
)X"sD:cY?
FlP-HYJ
 5%Mzb0o
TF!!HKzN'
\.EGRO
IuwJXQ
7g39|v.~G
$1P9uFFSh1w
UWVS|$
t$dD$\
T$L1;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
9s#D$H
t".)D$H)
T$8L$PL$xf
D$\l$TD$X1|$`
D$`L$D
9s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\D
*BT$t1
l$8f))
D$T&))
T$TD$PT$PL$XL$Tl$\D$\l$X1|$`
9s/D$H
9s;D$H
t$(Nt$(uL$0
T$,|$`
l$$Ml$$uP
)D$H)
$L$ d$
p4$Ft$\tYL$
9l$\w_$
BD$tIt
GPGWHU
XPTPSWXaD$j
U%z?@e`@
ADVAPI32.dll
KERNEL32.DLL
MPR.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetOpenEnumA
ShellExecuteA
EnumWindows
Y<9O_V4#
,:@>" :I
7&)"DG5D
E+4,=CJ2:$@/">?<$D
@%0?&6
/ !%.
0!&'-'
]]*-0S&
!0O h|
|(/.c;yT9'
(p&=y,\?
8\2H##
Y'K .O
%;._f*;_<
:[!>@'T
di07N?
w30{&eY<
"B0.r/
6#=x;$t*
5i%f2i
0 1h.!WNY<O
 8T2@/
*nf#H\
1!;Ni'};
`!?,U8
M}G7Ty
zCm8*$6E4
?Lu01>19&#<
;21&B[
/$1$3(
as2P?'u
1A~{2B0
Zp?2C
}a;A)c=g
'%4B>r
C/$.,#y6I
39>' U&{
1E=)0nC0$Ww
"gu=++
w50>Q0{
/eR?;c",<W2
jI,5"'
r!)/1'U&3|5X
N>UE8~0/&X
5@.4623
.{Z=l"=
/N1\l>
3'8Y5LJe
o$^'%-T~X
5&[U(*p<
,E.G2B3)E&a\
D5m1(@N
J,K,S$
$aK%0E?/N+
L/i*4d(\582?
L9{%f@5WY%S
c0n (=k
&8kH96(>Gn
eK:/T+
 ~."+1vEQL4p>.
|1v&=)N^2
]~L,q,qK4
%%qAX;4G
F/*#w"
~)Xz+}!.
7Z'f!%
!c"VL<7O'
8$).;*)
2@;)Q/
B%'w4th
Sq$n#4[?.
.[4:B5c?
kkr'*=#s8
6V0Em!j
x8Y.gw
Wf,^<Tf
6!i3};>
0'* cZ."NF?
q<+A::
/R;]W97p
L=TH-=
q!%/w*
#!{,U7
zj_-uz
!>Uc_Vz)5Pq
A?o1KA
OH"3*YI2l=
D-?&+.
r/.$7&.
C+${(Cj 5@,A
9a.8<
)ZF7$Q
>d=P?WRj
>)y8"o
8g)1;o(
2:>VFm.
aD?#/PV
;tX/=x
$5L{:j
.m|K:fR
B4Be"iG
|,'1sG
^\;M68(e
@,L%E_
s<0t(
k!7**<T
C[eC"c
s1a2Gq
w#8)t+
bPv<06&(j*
"~&Q0Og
9"?Jw8lv<+
#DN.9*
NrW3q6bs,9P
y:&d99:
s \#Mz
y,'I4'
Hj 73.}
<@e+@y
U+"Uz5-)@
4:QhC8
v7?:.q
|T#3v9'
F#n3/=
~C.-9o),7%
Yh?4$q
w$p4b 
)-tw+2u/
>'p-<13$+
$/&Sv,V@n0-
Z1KE!
4?5t<M
EQ<2*q`
[xT?rP
B7+'#.Z
GsR90><n
.g{(A/
(n@'{6
wQ6fa)=
x-5&,'iWM!],X>5|
_?)R7=p7
6y?:*]T
!j /=(
5x/zO)T
4T6OK/N,
R=4k8t
S)'ZK2o
8P$7V5&J
w+$`8GtH;B
.7N \/(
#I'+c,l
.Q1i`{=
3WV2:z
`: `2+
Ez7|!x+>VV
h3D~"}(
Q$%o+R
].92v317
7[/F=`Ip
(q7#F!O#
-#1!4F$]*")
Z:_1#+!U
"+ME8J&
Em%1$#o/
N3(q<3
L-C5Z[
V:?=a $
m28<@>fk3
+'*1EC]0>%4#!
xVL:=M9(
,+.2g}a n+>{
%QcV=T7/r?K
#=w'{
=]m$,(
v0D66t-uh&3+$
A$+x(
1?^'&6l!=oq
fI62<l4&`+0
g'4U1-SI
oZt3$$5Mh
(-%"2)+
H6[kP98Z
>h#?"
6H#{] 
|y7I9v
<21/l,
u.J5-,ir/n
c6(;:=3
+V>(=@
Y!D8$6 G$q
$NCY&
b!=_}0ll*x
w;;#m 0
c2.E=sI!f)
6<)2=:)n$w1(=
]X8x`=
i{]%Q=1H
,?:4K:~
/Q:&/+i
x;'/h!Q
2DI(#
9=mv,v*
55\8*~
al.?"!W
 L3`x?
\.-#o0
?$?j:;t
&^+~4Hu
*L,SC*
)Xx%7Z;+E08d=dw
wjw/n=1q6
m+g%o2v
b>'Y;:|.Q^
RU>}9,
q5=-|
A>xs3{
uY$m4 
3p0V!D
/.?,=1
.lG*yF~
x"W+YI+#$
j,JQt4u>
_(4+T
t'f;;,
B|49c9@W
3l*Pm7
{+/f;@"k
(k7(b#
d<R(h5uGA+5
pT6>Nv
k&k+ 5IG-#
U"$_>9u
N29;?E
l#rE:y$
S<M.8z/&X
/%m>^u1"q
*7244#8
;'t1Bg(
<3V*)"@7
fc(G@ 
':SO'W-9<71t!{d
6t^3%.v
c<m4d~5SM
F_15:B
2k&}(P
4:Q{+?%,
@d4G:
v( UQ9>/*
`&#)i,?&
2#%JR(
;4.Of!
F1;;'a
^:$Mv[7
7+vc*r0
*P1^eb=
{=6Sv<<
!w!z}
{5b?eE*4
F?u/x^
$(u:`'-
6Q$:+7-.
N;1bL{
6Y%J80
_KM&+W>3~
9 "[.?Pln
Nw<X<&x8&N
&]+Hh#
/8)&S,8N
,"'U%t!
m35V6w:
r|$Zji-r
)tH4'C/;2%s:
L$Wq6
)I+7Da0
Ka7WP:
)9V3T9
:L&Q!'jp
|=#P(]8-:?-
p4zJj+
.>4P);&
!d H-:
%YH(XD
\4M 2-
4riV%Kr#@&~?
k\t5f:[
>'6]>i,0gX;>(
'X2j=^$g2
x%E;&F
EF\-8"
ev,w70 /
'Qvm/,
"l2F$e'
z,p*:V
<17m50|;
hi]2~
F> 5Dy
5Q*?y- q%
A?;!<J(f[
6Yr'=*7%PC
U|U(?8_1
b1zWx*.<v2&H`
<-63XJ
E&8-F,
<#%3V&.l#+)i/u[3_
/]6(Bo
^<`4awO
'"$WN7E?m5dR
6}s=,fWM
*U,)k%!;I
pM7(>:%,!&j
A!:*!# *:
&|L+<N5v
d.=s'g}-
4h5d!{
`k?zdz
#1)&
4QO;U54]
5j9/5J
-O8/u0;
Y; 40(6
 1_n()
%)e"Mu=AY"\p$u
=^e;L~
Dr)o6T
.]=q1c
R'd3B)
t.mC8]L8f
Ls&%q?H!p
f"b~>>20
E8"Iu?
sg;:9< '[ Z
x2;.gZ
wD*x`< 
vL5,v4j
G;Tnt
,:|el
9-]BW=Q0%
2|,"56
N<}5Q8W`
>g>~#?<
\,&B_>
T/R5UF
$;v"4)
(i3.1>KE
6+7938
$%ju>>*Qs 
4{J#!'
s\S;c?q
dc3VI)[
3w;83]'
';gN!1
9"?90S
e)B5q&v
z~Z5D@3 
>/;mV+U5,~@)
B.7s-b7
P!3?lu
>$)s331$D
7\A+C*B
D($7;=@
+>Gf-1p,0
Z[-<J0
2'."i#
-1-/+X
"1n.-xY
>6/W#b
j$OM)Ni
'l7lU*7
j=DM!J
u52/X1u?
yf-4Im
c:;yw
A&'E6r
3)3r2%\ &V
@_:^*.
/536':7w
.4`,c%4
&fK #0'$y>
,R-Me-G
1k*Tz~
5u5#(>S*
1E;"<I
z==:7; e,13
q679.a
1p5Zi6hI'(7Jx
_"Tn6?.q
U'1jQ$
F$~9nK7
A5;e=M>
ZE?%U$i
-ri.T/g
~#'^69.
)1mY0?@
$La,W82
-6d[ 80M
Q=6nm3R
I/Cp6;
0Qlg%!<
%m5x9ToE
*<5q<q)F
=9w5hQ!
T%~19/<v
//&.}--v?Z2
Jj6U9`s(<L^&?
?p#?.q
5:}y4\
02(T* j
hy._S@
B}7#&7
7^8mrE
=E:^0?i
D#ell=
#3G`6)"d+Wyx
/Y91=(b
($@1+5:g
RE>f&h*
 ,W'Y!Z9h
)9=Dl-@3lTn"k
/t:3On
2 W:})2>
 9B%+ 
X)l+U_7Xb)HU#=
;:s69L|G!'`>Aa
Z_$@N1m~
Bj3%G a
G8*R5kp+@
8C9~`0X~
t=<)V`0i,5
Ql<R$%Q/Z(L&)'
*g`)d#
%{_H6J<2
</^:]X`
l*x<x;
s>4')#
fM?lW6
d2>o#]
hF'XJ)?h
3O!UD{
]:J:A5
'-z85H?|9
8G4S;
%@9&*8u#(4
+% ),r
y[2]1tg=
P>7{,O:3
B8a0kuB'
=:o<w/[,D#
"iN$`/
f?39|6Y7X
<Y!;e%y$>k
mV5e-]15,w$?
B:jr:,xJ
jS<5.|,3
)Qg7@
+ 9}T8
51Y?#J#
634.bW9
],-!Ni
$o)5k/U?mG?Vl,$o
J'%9#
B<;-x3
*+BR#C4(.E'v$9m\(ZyB6
(\+'bt;Jj
-L&}.~
23v(<'
s35!k
4.6@V3_!"gbH&{
B%&)*`
6b$cZ857<Z?
>Xx$8 
:v4"n\
7j:lSf
}+i =7~
YL7||5
%2/#G3;!S
D2S6`6*
b2)B1m
2B$s@5_1dd-
."-(vJ
&)W}9(<,
o0<]l
11|(/xTW;
7 CS.+W:G
p?74Rf
&q<v#i>,j
5|)F(K?!
(?t"Qu
O4.[*`*' 
-J!).-Ie
y+4|?M3
g o-@q*L
J{,2K>[?Sg2
%+?-'d+/#
)&,=%Dm*^$
F*y>1E
/7 0v;dX
*<eIC/6\
B^!t9(
r1k01u$gd)Y1fv0
C07(&"
8HP7-3
z s#<1A
Z>p" h*
Fe}0lp;!_,
l64;Dh
sM?|7F
NQ2v}/0C6
9-j*\["}_ | h,
F;7U(n2b
Y.^*#`QE
E8\w5X $-bI)
,4_^3e
Ri"?4(~E
Jn^*$!7
-9zx1KO
No2'%L/
Z S*S7
,S4!^0u5!
<17*S7
5B?t=C
Ek\9B,6YS)
.&I01>
.4f6Fc
1x^849*
E"9v#hq+/:42
Ov=5.]
_.'{7Y6M)Y5`v
2J ~b/
ei&bon
<+6Az?7
 * )!,
_&7aL5;q
[S5m!3zE
7@i=.!
:1)8"c
6V!zi.{E_
E(0u=pg
;,Q!@z
J?=[;I4(E3|5T<
]8=]20R
|a7n+2
<7R@7h
s>K/O9
+;24&("+$}
-0y(g>
#SV(V oc
?!a5=n,
!W5m:5C 
7^,2HE
Z+$[1*45G
<<F#e4S
.E (Ib
oK<cy3j@
99P>Q]:1
P9>u,p
g,6S{:ts/
n9i#":
"c.k+ Rl
xhi09-p
:#* D&
!]G&/Ey!_!|
**?K:D
L./l#)Ff,h
~u"qZ5
c'!1-.
 uq;`(E9g
"@v8#t=%
<$L$'-3
+'h;[-7/(
1%&+"
Z0klm"8lv
)8*dm8y(6P
i,-3sY7'S+d
_,?IR(9C
).s0?<17Z
/ :N14x7
7)8lQr8"+#>
h6mNa9O
w|9&_="
%2Gx:!
3(C)J>q6`=
-R4~#U
(45V%uh
2K7HI-f
yC* r&0$
B?7.P!7'Z
Q-r;L.<Mb:7
EO+HB]
ZT36Ms
1B`2s/3$ 7G
S\W R'6w
cq>Y#>.s
(a,~]3xr/
jx<S.Q74,q.w]
#D~&v?E>x`
J<Osm(
28)/*$"34:M 9C
K<y:$z4;8
oF;U)7E
_~p6Mj_,#=
6<b84O
<A{53%
mu!;)Y
Z~1,C16^,a]&40E.K
T-Oi!E
G>%a#0
#X/tr'
:WT5kT4@O,0G
$==e/1kG
m26J}){:*
ei(yR6
v;7|7wT
T%x(i>
>l9jJ,QX
^bnD)q
`**6`/26
D$:'b?2/794
zAq0I<5
 <\>5Y
4H0{S,
u]C 2%]$=V
>Zn0:q
tll-?
&*!:BA6L
EA:kN
]"cS0#
i 6G;%iG7
(#O:(:*%w
&0F?>p5n!!i-&W
)|JE&}:=1=
e~=lP&#!h
@.Z+y
;$,AM#
7w5m#=3
A2K=+{(dA#'l$!kK.s
+[9&-M6R
=f^i'c
?N1$+$nl>>X((5@9Q^?
w*"_];
Tf> &,p(
FM_7?(
/m\j2
v4*45:
[_2d5v
?]//+[
0O]p#U
)#Z,\-
C.?LM);
*6?.$HV|
Y#Iv":<E3
"+}|88
m66A>0%aE
9=.;1T8
4gw1c+Q3
17B=p1
p)(5721Z%TM
]]'+|t>
9h,j>,
?>'8--C
&!:t"zh&M4j
J12&J#"8
u.Vg(36&~J7
%E1!$\4
L"O<P?
%o+6%>~
g.'n+6,@T
jd&9
-A&"7HG>SQ2
+&.;XP0Z
1. K=M
b$dT&e
E$(333
I6G# /
(m?.m9*2
n"$6><
S>@0wX
"TT.G/:gn%&
T"$l*6N
N4Ol'm
:?3?i
_c&9ok
A1!# .
U%P{:-\
2@#H1L$"
8@}*P6X%S
$3T0&6
"y=8%uA#G
+V|4a}) Ha
3;5#m()
%t>A%;
BMV$*UK?R'
8%g+pS
."T0 6h#j!vZ
T%5L?<`
~=lc*i49P
n(<6%p
??^W'HE
388$hJ
3K+f=Cb+).af
"Bz}7p2i-
'R.0yBV!%
/'p)7&
8R%*"X
%0k<pH(^U
)zv5E?
/&"{o'H8
7<I;o:.[ 
A 68}*S
[}h&e,ki
9it-*gp
'>z3->
]>vI(x
)|3'qu
 )hhpz
/|-Vm$
N40P!0`
X/K$(2j5}
a%@C!,^
[P?.8965s:
0)<07<
!gi-}5Lu
K",(<x/}C#
5/ee>?
>1y)T;;
; /4# 
!T9a lN
C'h+K}
/!d213b2
6} %/
`2_#2-+D&%B<-
V[t({>
'A8%n?
wL=M2T
=$6y"01
WL'9V2sC
9o.'"m*vC
2?i"<V
+T8 ]?
q*(O%F
N^2h*p*
>=;Jo=9+h/
x4R9~
;E<:X+R\
6b8,*
2d)UFx
$`W#'Px
8O#2X96=2Y
;Z2+?3,
#:.3,CZ=rh8
oK!)=G
LKc$2-
SF3:^.
'%&*Y9:/8$6/{
?Y7<i;W
6:Sr7Q
u/E< %
?X#'GS0vN
]s8 a-
V.L:|a"
x],}
"A9W/
^r<`|;*e=??b:x==2
Q/!0-R/l/
 >u^P5
150F:P]0U*x>
I=Md3X>=
L p+_T
90rU5&
|!);yf
";6%$+<a
,d$J2@2"
6$:C&3;*
=9;n#:k8&
u,r=au?e4
9092pQ
"?QK>:`s
(<}.\7
#G>l9?e
>N&8%qo>%l
J>S7Z.5iN?$J8Oe9U$
62N!~ D5bU
-:_"G7
%l>^h#U
4A:m)H~z
0)X#L(
&,&tP1
<4lF1a
K_M1$q
[:x!!k
Y6].<
!{1-sV?$B[
%i70`@"d
1.6e=I2
Cn/6)S
I+/#9g
(PU?J;g1 
36/h$)1
q2S<C4
s4]%^0
>)Frg)/J
:mh.q*
M.'2T6!
O!;HC47
7P%0A%X*
=%[c|4*!
'vj.vD(Iql+c
9@|w9@9*>
1po?\:<l[
%*.51W%
7i:e;,
$Tg\;T;I"
E*)e%gv
{U\!c.
QD)R/s>
@,J(Y1WP
%#FA)]&
,jCx.2^+
"}"P/)
7zQ%D!
9yA&<Y
-D5:~O
4+)2A6#c
?.v,3l
9VR!Ux(mo
$5,K'@!0Z
87M0%463
#i+d%*G@2I"n}-E
/{&.,,
*=$1>7:
 'z;"4
T>e~40*
"Q$QV2
t-38+I$
4F:D;?/8
*t)p(y
`(y#4#}
&p#.Dd
ap(9~
lL5k+1
&)"1%4
h`>8.%&
:-8'#{=
)&M*d ;X3
04Ef'^
"0<siR
F/%G&/c
v6,l>gxK
>b"/hr
"{&]$? L
1$`>P7
1/-a0n
u2.A?bF
~:&H7p
!=($XWK
+_-~=9>
-!?5#b
-@-&h/1f
u{<H:VQ
L9:"Ky
h=LI9a
H#'024#E^ #0B
q$Z$1O
/=*'D3
=="(<0x2#
h9w6=RW>
='TF$/
tv,JJ%
I&'&2_
}8\0&0l&
Z!7)s/R6
I4oV(/A
-^yHWc8
d5u0)&9+
,MH?m4;f1g
r+*$D$@
.38m52
d'3 {$e8
1:G5k%I:
!xGq)q4s
4&1'1d%'/D
%4'K4&
k/pR=(K
wda48a0 *+>|
F9D(/]b
/o:w0
8>_3Y$
6#r_3U
VR658.>r
-)7C{7aiP:uv
[`b3Z>
9y1>8K0%t9
[z-6.7
YG(;|0d\;Q7^
+k(02W
v91"5m.
C'w%P>
fq,T0K1
c(+3,k?~(
!;X,Fy9:**O
,{(I6-`*H|
l{=-0-*5%
2(\+A8
~8\Z#y)7H
M,.$aR
!)T0t1
r{ r()Gf <$v5
;g!.Iy
?kD Wy
d9.":5Z)
1MT'+)
> 2B8T 
+c<"-u2P&R|
xQj8(3z2
|=g|;$1=
"/(9hS
/JM9k`
;tK/U5z+:
!4{$u_A4K
1_w/e+'
o9^)dz
8\o,33=2u(d6a;$:i#?
Lg,U*2ZX'
+*j>#K3H+
,.50G ,
>a#,m`"
<66"y>(x
:`0"^
&\6FZ
z89lJ1
?C/$%u
P.'~&"d
|=a$$&
sd9G7f.
+K Zu B5
(6{Z,IH13o
:|Y91^
za=D;6
d-_E'45
["h.!\n
5%&/2;
:/>K)v
O--3y32O'o{+
+2=^+,m(
H3r-?i$tS2
Zr7$%n
feY?;'1z.IB
6LG%*5
GEx2P:G
[<(*<$[
f!#X7U9
w)!K+e's@
*r=jx!(
!| O2$C
4H/aO&H
rq %gn"t
=>E.G0
T+(G*`2p^
xeL ]2q[
%ht(]x
"#9/#Ec
W21/509)
K3hZ."y>
;'7#i*P
<!H(uC
q&V5)o
H&&P"M) =>dA'
>%`/^H
+'\43V
Vf>G.E!8c
b0&C6sc(S
 m#_o 7r
p?!`9W
P%09rw
$h#)c
7u|&!n85
o^]"V+|
yd+&XE
zl\4=(
AS2.N*4L
4q)+b$
3t1$"v
:B0czf
P!Z>rKo+|#b41
4+1C#E 
bg5sSk
gX/<hz2
xo59j)R,5>W\k
"=<4>%
%^!.a-56/
F#-wlG
vS3Z/]*.L
A**&0#|
!FT,k6?=5y=hB}.
)=S5n*
n5~[58C
>+3/wL
u`.Vv:E0A
M[/\h'1
CE#n,$Wh
+|*a33;%R
 td)8;
,I*E#"A%[
i/{;)
6<#>>f&<>!n$
4)&Q?:>!
-=p^;'
=|B)Tr*U
FR2U"h?
U6OTk!#/ne(b0.Y53%
N7z|UE
J=}( P1+
X,2J^(w0
S>u<-i
7/!_X'\
=l%C6B+
Z?/>+$H
,Q%&V0Z3K
@.K^=?
&41<.q
K;B(6L
B-jy%;([T 8
90K<w(4=
pD8&LIR
,hxyn
|8+%Pr!Y
.6.y#Q&
[&T17 
?u|-](
9MS6u4
q8f]7X+
}T#_*
3}&D9~%>,.~&A
1<+&DL
/b#LE>5
#@'0q^
7 m(/;
q(4:0W<k"
<SH$K.E+_I5n
%$(I#$6
=2i1@(Ko~3<I
8:=Y/W:
dn~9`<*
C9)"Dd
(="$w)
OP'"8[m=vP)]
.*",'=y
Y-J[,a
V0al3(
792K?@
)3O.*'.
>ZM216[sq7I8
mA, .Y%
%0q-2W`\
"U^5du&j
{eY8&A;$8
B?}1>6n!1'
~X+9Y-%
UV14{h4
_{$M(?[
0J+#s;\A%
)ad2t8?
(3|0Gy
k76w19-2>
eT83*nM
8j&T$v4(*,
u?Z7JH.
:W(;psM""m
/[&9(3)D# 
=/$O"2
&C"_O1Ln
464+8u
!c6)jI
+s*]-\V
#SK7L4
&&{e>[
>(sym+
<A7c <
b0V+OB97/B
n<,x-O
3"K;R=%I1$
T+}D-n
U,8:O;
A2:%yc3
M,B)6~0o!
\k Ne"
t"B",h
<@(>H.+a'
&?)$9(z
y9<{~4l"
m60D,#M=8i
[f8(f%
~/h0%(
!r~)jzrT60iU?*'\
;I#>O`
V&"F<Ql 
|x;n=(w-
\_5&'
K /(p=&
NQ8~vw2R'U
h%16z"bz,5
k!.X'e?
U%H!+X
r)3R?^IZ
>%!n?
a*#K=K )|/$
S6+`y7.<'#;
Oz:LnN(<:;mw)
Wd:S>17d03`6<
x=V=S!"A
}-i^88;
wt-Fs
'?;$?*-
i02z&!5zr.~4H1
J<rr$M#
#(3@;
7%.#+{%7
B91O5;
Ean(Hl)g
~.+CJ1O
W)zl<:3d=g
L"178)
=8n':TV
G*5u,}\5
lp(/ r,
EH<_`9
'9L%Am
[Y+*5Z)m
4,b13H
E1pJ(@34f
$$'$s0
3m!W=9I7
~%wN.1f;m58
nH;m?Q
E s-$
;-qG2(V
:|<JvB4
H4lE?b/,U
?4&b=&|5
b+49&u7LF3_
Nv&A6\?2
0y9MU27V2-J=8%%<Ht
(=-&,J)
8>G4;Hw'$$6
Ix#s&ES
@O  9"B
W'9q(r
(:e*A"0
7u/iy5Z(
+M&g6{
[~.x&m
=F?jq g
:Q+eP<,e::
*%6+I+=
"i) U#5,~
pS3X&8
6F*?^/
0/8l7
$+p:A?&
V:R9aB
&*3/.A\
+.S')[
7h+Sq38*
a,<d2G
dK-kD9
%5=8 /,k
d ?p6P/t)> z2:
y+>x;
<|*Fg$G
0b$Y+Vy
C+}=`c4#,1O7l
u*;??/
>,#!A"X
t0#+3%Z
a"{,ua/&
rT/F:gC28
!'ft8f5
ZB17G(A
5q/6: 
{C3[L]?
."p;019}R.`
0lDN6U;{;
qb'z"M"
? WO3No
o2>yb
 o,8u-Y
 &d53N<A
&D!}%V
rA)&cC
-)84"f2
-e;&^);I
c2I[<26
c:>#i.
g7>W:{
[R-,dk
Qnj?Vu
4s3z>I
3i2Y$z2
=}&{3%_E
AzE=3f/w-C.%
M'5o2!J
9[K4749
Z\8p(% aoZ:;B!q
X,?A&tm%)j.
j4?=j*k d
'=^r"4(`!W+]#I%9
1p@,:=Nw&""6r,<=:- x:
m'?;pe=
R`)2_5r
(21.'s6~
|hU:un(/!
|?U'z<
S <hM=Q) }
$r(*6'.S5>1
*\'$Lt?m
?,[?I$ImO
0*X:&{17
9T3W<>T
V2;R*>8 
;SW."3
"vqc<1b>y$$:
=`<B%zIs6lC%2-
"0w'M{!
>R8Pu.l'
-SsH{
1H7/-:4\
>|O:>,M:*
-I(Zv~+
/;G-*)
-CU$+)L
06<I\%
",3z(G
]07-6^=S
QiE$Ri+645w=b*
/(_%j;
d0U&]
."7Y;)&
!.+n*b(
54+< '
t)($LJ
.4'[O?*
s!-S"(
<@%J+B Z
#jIb>&;,
q+cs(h
9G2^&:
99"gX/
+B:!Q>J<-Y%
UP5`Al'/
zc))4F8*=u4
Q6.t;-:jl
71D&73/
B&nc#6R
T(Ok%o6T=<I
C7t6+;,
M<49=q'8
i<R(8<wm?
I?h6Y5 -
 }L= 6W/>
J$>-X/
'3Ug8O)_
~<#-+6%?fZ
Sd1Ak!
H3zp-?
}%1!.)
'Z#S6)t4
)S?>j&;Z/L
f)8R$7p!
+cN(*!%-F
%e3{uV
6L'm:i;
-# 7.%
R7+sp^
_+,m&c
l4T9Qd8
M+j=<e
Nc*~8|Q(B-
.m.v ;>3
Id)DO$ve:
N{&*\9
(-D"3_
$ya/0.
!K:$${
J.h:+G09ZL
BU/o\5
H?;rk*
%3/#+S*n
%)$[_,y<9)c
W)s("<
W8g;*)n
71"wAE
w:d(L8
xX6vb"6$
#6!)>]
M7Bl1=d
n+"n#W/
K4kZ*?(&
e89/54(
+<zm0t
0,7u0B,=)
a=:46`
r9KJ'8s+!o4:^~
*8\6;C
F9c0"%
ee#~s5s
o'j}Q-mx-:4a=N
d];g[6&
,6J5-I
(z{,,5m+"
XD/>Q&w\
B24(9oG5
`2"AP.-vf%
d'C'>'
:e>H2R'I,b
^.y-r3
Q5k>(SP
-<x)f|;
<: ,q#
6r9[v0tr
13*h+s:l/=
:A7M9!>
}:1=wN>
5cI%9J
&22%4*#
H_b7)
ov!5C9P#ZQ
Kp(L;/^
nP?:m(O
f;~">T
8f;x&#>=o^
5)J<):dy
-W!Rd7,
82Q5,"
\?3-\#"u
Y> 6)(I
2*(#}%!
T09/zs;Xq
)A{,` 6
g(ZQ7z
k6 ?U8/8,25YDT*u
w;#G=$k*T8H
AC?y&p
\J1.3P:
rpQ=ZZ,^+
\#@U)ng
3i(t\l
~;75*;
n({&|'
I>1#6d
0s&/.5xl
J. [:,
;1wEh0W
=S4l@f'/0L/5
5/;)z].Dm1
,:94%/%
U9$Vp:
V${{)a~/
=8#+8$;
H;Lh=A,;
5&?p=\
f?@M>(Z(&
l r],)
7*59:w#B%jZk
S>.W^
7+6B60'*
>1my34
('=!s2
(|n5j*]'1
7bp9nn' ;
'']4+)QZ/p4
0:hD\>2I$OV(}w6/
#5QW "
K9:ls7
hZ+="&1=
L=-E4rJ8;X$0%8
Q5n6Bc\
df.SPE 
!W7)7C
|>EV0{F
1L'83>:<
f,{,90(X' u
=z3,)L9
_!.+p!z
>b)RQ)
y- '*394$
UY-8iT
|.&A!_2l0
A)?!1K
(C:r70)0L6@Dy?
&?%%m3c 0t~
${7D-[
+8zL 32
8M><^R
$E\]+#15#n( c
%2.wL(d/x1 T
RK${5#=
b?F3gf
WxB7T'-6l
$<<*e#,
")#6u8
].:K!|
>%(]a!
D;R!/f# A/q)
<;=[87
J-*YhC
+9D8u+,}
 1>"C-+5>)9
%3SW=r$%A81!*2
a-E:cGj)[\
79?2=.
N&.Ibw
a?*<{%06J
"=8P:i
 /vJJ:pF-
_6$|^*
g\=?01
:lC:J-;
o*y0A<?~=_
+`Q1#"P;y#:
^s8Q%Y
)8.e6L"Q'C
8ENV,B;I
!Z0@5n.
k$U?3Y
7;C$K:C,|
4('=L,,-T
pP+z,QD7
F$6=_-};u5
!=W+I%8
558?(=|=:
vG?hX}6"P
">K8r"(7
&-/ n0
%C&_U}
_$!l bN&
\ce;Jz
^/(-)&*
\8y;z74],
KK CO6@30
J$P>'!
^d$m0L
Tr#W;a
/A={p=
6r3C,
<m4g]:
Z)9Z"b
t9(,U8"0
>12r8&T
\#5n5G=
l>*4o~1
uh8u0As,Nz
f+aH,^
'T!m"-!
?7Lf2::
)SE8Z%<l
K\-]C?g
h [O>.)T(M
{A42H0
8(qN"kF2G
doc?W|4Nu
_'lc'*
vAs9i6W
<6]J7zY 
\V=>$#
ZS"~K?
j6F+8d
\K0l;-4w
&K)oJ
,6-p+!6
s-H &j
;>m2$m
?ZF7*)]
'#N=C>
4Vh1%r=t
/.bMa
WI6s$(:
<<Bq#?
<C1ny)6
=8K:$.>
(wMn'e
$1s8Q.h'
"h&R9=
[3FhZ5/89
}F?q}:ct=
u5`l(
tN:|$<U:~hp$]9"@54|
4"X.6>l`
]M0PMn
<'2(n.bU
_x+9k(
:-*q(M
,1%k=$'
=;<?^;N
)MQ?|1$,?X
m/88;fs"
Z<3:;CV`
ty?5o-
={)5*Y
3:H27![):G>+*
(L+s<8e 
k:nVm1=e
>.?"3**
<#.|w+
=^"TmP a
"l[3<k
;x?;C(p
8.+l='2)
$A2D5'
_<No!+
P2b8J1
&C6oaG#
uG0K6X
->Z`6'!m/
Y!t:/(3
 #2Ez.
CI8)o=%dk
:CG&mH~'a&fs
L#cb;n3-
Tb#6c:6/1?8
>{(g%t
Y!xY%6e7(.+v82]
&QK;7j
=BF+Fr#
5R;)/z
n;0X8(
A"_:?Y5%$t?b
2-7`54
+z@3\6
=y9b\7~A
obL03e
%$4!2()
;G*f0L46M
:)xD&04&P
s7&$!3[(c^Z"K?H
F$,N3@$G
-&{S2t
p=$%5&me6>}3=J
.v5$x#
h%pi1Q
{)74,D
!NKL::5
y3 PE+Gz*M{
3`w4L.8
30H6;\
?.$#r
+WY-oT5.
8' ''6
Q0B%2;
1dx_=WJ#}}
2A"mz'$
R1>`,TL
#DT(yb
}&l<#N
a8'@:_
Fz0]u9&
?=1*#P5"2/;HX$
K-)+E a^
56^h3C
)&%O.c
l-Sk%)*%@
I355*T<m
8W=Mx0.>
_65a2<Q1
;kQ>m3W
p->1JJ5
5;]`?N:
!n(;gc
E#YBq#9P9XGL8
UL$/]2Ma*
$&3xf.T18+y69O
/84ARg
$Z$9>u+8K
&&"=HB&7
^L19hl5X
/;@[&C
 .6L9*<
W(816)s
<-,;0(fgH
8{:(TO
T67/v,6"\0
(.-=/6:
s]368R
iuq>]9
 a,A7/
O::XLf0_
$4zj!3h0
&#Y2[;^-2
5vqt7
a0>udR
K3s9"*
y<f$#*
f=IEd4X
:5p"1*c"`
n.40Ip&*'d
zt<v){
4~3x3'
j52e8#W
,_=&R
Q2$PH
0L?rd4
*!%;^^..Z
%V0*2tC/
t<M;K70A
@2I5b#E%
?3?G#1:'+
!*aS+r@0
h5(U0W
Z'dL=f
;9x!,[
?/0[ |*
e8j=:+}
C2c.QA9G/
mu)=X|
X,T 931<v&
>>)<FP
<48hO:1?u?
5%l[:/@&6?
8`3'P,
JV=n46
O|`/Uwo
1$($_*5:Mj
$`0A}<Pu=
#50@Jh
t!K5.'
x" E#'4f
IW##N3Z;
9:-0+Y
-s]J/f1d87
@)x$T5
eQ)76$bM.k/
kc%>F0
&&^%'[
/S2Q2Y3$
8j:|?
3381ma
Yf@U0B
0qgwEZ
&)=b)bjs1<
,~;]%l
x8,:X[
Lo,;h<a:6oi!\_z!
t3>j2u
 @*Z<+=i,B3
'<ph<[#
9eJ`; 
!#+.{<*
[>45%+g-.<R+:
I_<!')7m
(h<K;%a
K%-)$jNk
 1&)D1+y/"L
` /&vD5x/l:"6'
(5r=&}6
9g!P?8
<_0!z(s,>A_;A
m)("Lb
%$*^](
='h["t
(.Cq#a
m;6~)l3f
<>d +("0
V0ps5
%><d:>
=c}"Q<,
RC?e%eC;5u
}44O_)C
/~)5$(1+U#
l#09G5&
x5nC,4:
;L713$2a5P$3o)
"2Ma1'/>
s8m5Ee
$[l5f<*.3
*#Za).X
0BQ#[<
^(?cWA=8O,=
d i7E(S
W$6e<4
X'."1y
+/(R8>
;]OS5[>9v%=+%!
p;2U[5z
Jc<+nYa:8+
<D)\A"F/|?#
N;/Ni,
9=;e<oL&i
?2Xjf8%
a+/t0#
^];H6E]
;830Zo
KJ49t-$c`3
.H4>-v0
40:dU03
(77o85s!1
 d!&g#%
H/0|s-
a7:DE!{,
(GG#j,7
~j$0,Q
&}'e9y
%l9b,?h;YO)5;!/
#4*g6E
`Mx y5
w1)5&<
Bh "\V;43
'1W*^4
S$?r^7a
+Z@-H%
6ur.WKe)
E,c~7I
K[%.Bc
.x/<4(|I#{s/
!=n">T<U
S,919R/
59Q7/:h[.
2>U,66H'Df
Z:_[=-;
}2"mO,
axg*[_3<
r $@(Z?
<kVu2t

Process Tree

0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe (616) "C:\Users\Administrator\AppData\Local\Temp\0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe"
- 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe (2228) "C:\Users\Administrator\AppData\Local\Temp\0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe"
- 0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe (1988) "C:\Users\Administrator\AppData\Local\Temp\0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe"

0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe, PID: 616, Parent PID: 2224

default registry file network process services synchronisation iexplore office pdf

0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe, PID: 2228, Parent PID: 616

default registry file network process services synchronisation iexplore office pdf

0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe, PID: 1988, Parent PID: 616

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114
8.8.8.8
3.94.248.38
71.162.157.28
58.152.113.91

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255 A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1 AAAA fd3e:4f5a:5b81::1	131.107.255.255
38.248.94.3.in-addr.arpa
28.157.162.71.in-addr.arpa	PTR static-71-162-157-28.phlapa.fios.verizon.net
118.133.144.224.in-addr.arpa
91.113.152.58.in-addr.arpa	PTR n058152113091.netvigator.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138
192.168.56.101	58485	114.114.114.114	53
192.168.56.101	58485	8.8.8.8	53
192.168.56.101	137	3.94.248.38	137
192.168.56.101	57665	8.8.8.8	53
192.168.56.101	57665	114.114.114.114	53
192.168.56.101	51758	114.114.114.114	53
192.168.56.101	52215	8.8.8.8	53
192.168.56.101	62361	8.8.8.8	53
192.168.56.101	50075	224.0.0.252	5355
192.168.56.101	137	224.144.133.118	137
192.168.56.101	58624	8.8.8.8	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	71.162.157.28	8
192.168.56.101	58.152.113.91	8

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	0489d1da7662974a_swedish gang bang lingerie sleeping sweet .mpg.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish gang bang lingerie sleeping sweet .mpg.exe
Size	313.1KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`674ceb2d1366e0199efb34408a91e61a`
SHA1	`a453f1dafc3229c77be1f344e1b2887cd7fea4cb`
SHA256	`0489d1da7662974a6d69e8f1938267fc5994ebe769e38c534298e1c3e3985c2b`
CRC32	`91663645`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3a91324153bf0a8c_brasilian horse blowjob girls .zip.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\brasilian horse blowjob girls .zip.exe
Size	215.7KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f63a4d2428573b72aa3bd25a4cc7810b`
SHA1	`4a8584143ea00be1fde22b1f4b20d6c0f88d3bc6`
SHA256	`3a91324153bf0a8c2380536ae88edb3ec18062052aa8ab306ef258ace2201912`
CRC32	`A4CBD790`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b760bbad25621f7e_japanese fetish xxx licking ejaculation .avi.exe
Filepath	C:\Users\Default\AppData\Local\Temp\japanese fetish xxx licking ejaculation .avi.exe
Size	727.0KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`48dfe9f432ef33b4c56a2d8e0d9459ca`
SHA1	`723d3c5d5271d563bdce9ece67cf6a84c0ae73b8`
SHA256	`b760bbad25621f7e348e629b427af19efe7bf9450f375ed967301cc097073837`
CRC32	`FAF50EA6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c5c604dfc534a060_blowjob full movie ejaculation (sonja,sylvia).mpeg.exe
Filepath	C:\Users\tu\AppData\Local\Temp\blowjob full movie ejaculation (Sonja,Sylvia).mpeg.exe
Size	1.8MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`906e4978524ba2e745efba0bb0a7cd43`
SHA1	`8f7938ae3621248b0cf005e7fe717c89ed0f561d`
SHA256	`c5c604dfc534a06009157a29aeca42e13f15e47f632d4f00ec55396d7c657855`
CRC32	`F94824AD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6144125a6b9dde04_beast sleeping titts lady .rar.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\beast sleeping titts lady .rar.exe
Size	2.0MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8153201bb2bd9cb58d35059ff5044199`
SHA1	`92655b367b56d94438f23a644d2dbe437a338c2f`
SHA256	`6144125a6b9dde04893f1ea7232fdb076318019c6e3d7ac40df499f7b82361f2`
CRC32	`ABB6E470`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cff974f4838bb1fc_swedish kicking lingerie [free] ash .mpg.exe
Filepath	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\swedish kicking lingerie [free] ash .mpg.exe
Size	906.6KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1229c86ab14eae3fff2f728af75f6b97`
SHA1	`629c347dac1efddd507a0a960f1e188fa8a43af1`
SHA256	`cff974f4838bb1fc0bc1418718e88faf1db36648d3578c4beef75652f01f545d`
CRC32	`E4A2EBE4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d3fea24a92281382_chinese xxx voyeur upskirt .rar.exe
Filepath	C:\Windows\winsxs\InstallTemp\chinese xxx voyeur upskirt .rar.exe
Size	1.2MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9b8ec2824dea0d82b266478d79642481`
SHA1	`9c0461ddbb6711e8b6fab01391f0fe6f7fe02742`
SHA256	`d3fea24a9228138231f419e3659369fea37a7721c3a05679bd12cb2f7575eb7a`
CRC32	`9F5FE6F8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0ecb2bf350ffad4e_trambling [bangbus] boots (christine,janette).rar.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling [bangbus] boots (Christine,Janette).rar.exe
Size	745.0KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3c92bb590baf8c235844bc37f5b084ef`
SHA1	`a1b0306ce0e5dce559e221c071b754ae6d190c13`
SHA256	`0ecb2bf350ffad4e5c03dad10ac77a64457e6f6156fd7d03b475f30f7a0af978`
CRC32	`FE8D2FD5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5a36c6fdfafeb334_blowjob big .mpg.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob big .mpg.exe
Size	1.7MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f9c8ce1065cfd7e625bc1f0601a89caa`
SHA1	`7ea17f42b981e088cdd1d6b831c5173298adb06c`
SHA256	`5a36c6fdfafeb334abce77220747f19b4a7c62886c0a18dcc89c82351b8eeabd`
CRC32	`F85C2D36`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	47ca4849280988b3_indian animal gay hidden (curtney).mpeg.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\indian animal gay hidden (Curtney).mpeg.exe
Size	924.7KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9e1804e04e576dd5d19e990f59d3157e`
SHA1	`93a5f863434c96bd04da4aae6c2e3f94e00516b0`
SHA256	`47ca4849280988b3902eca4af7ef8d5ba6144ab4881adfc0579ac2c825179451`
CRC32	`522C9BCB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cb7bb05605a12f55_american cum trambling [free] swallow .rar.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\american cum trambling [free] swallow .rar.exe
Size	564.4KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d8f2d2d6297cd29d115439378b50297f`
SHA1	`623ff7a57499e1daa9bf9239adb0d6621b2cb069`
SHA256	`cb7bb05605a12f5526e4904b15a8c37fa089b8916e62c4bb370f3f4cb12b2eb7`
CRC32	`2BE6E74B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8b7da2169286cb1c_japanese cumshot xxx uncut shower .avi.exe
Filepath	C:\Windows\security\templates\japanese cumshot xxx uncut shower .avi.exe
Size	1.9MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8e86ad3c99732e0525030ed4ec84ca41`
SHA1	`b63af85c15f43f6a6d6e18999839847b75339e80`
SHA256	`8b7da2169286cb1c0d5cb86a39f3cb09d78c026725f7a8330a329c31af61c415`
CRC32	`97D2E814`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	695ef09023d7818c_lesbian hot (!) titts balls .zip.exe
Filepath	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian hot (!) titts balls .zip.exe
Size	323.7KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7b5c5887adf87f3c5457a89a0d92781a`
SHA1	`e39c99e489075bf0fe8e298b45078895fba72274`
SHA256	`695ef09023d7818ce68a6472245c387bcc8e4adeea9965000021d16e637fb2e2`
CRC32	`F3B8A501`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d3681d158cba1d7c_bukkake licking (sylvia).mpeg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\bukkake licking (Sylvia).mpeg.exe
Size	2.0MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`68d7822aadae21259d78615e08cbe1a7`
SHA1	`3eb7620edead5ede68864b22423e1eaa1105c23c`
SHA256	`d3681d158cba1d7c352fe52a1e51ba1894d044aefefb314b903dd3f523af67a4`
CRC32	`952F8383`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7c1aed210ada231b_xxx uncut latex (ashley,curtney).avi.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\Downloads\xxx uncut latex (Ashley,Curtney).avi.exe
Size	1.1MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9336ca69866ac6a606ca84797b5b0cd2`
SHA1	`8ddd8bcb88a36f3eddfc3fa5362ee5a538c67905`
SHA256	`7c1aed210ada231bf3a1c291d2e7d45e7e8fbc0a4fcc0225436329d6e7615d2d`
CRC32	`B4FB10BC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b32e146167bbafd5_horse girls glans .rar.exe
Filepath	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse girls glans .rar.exe
Size	1.9MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cc11a33976ba0c5191b652587958009c`
SHA1	`1ee44bf426a32e2bcf9df1c8371a433f9edcc4f5`
SHA256	`b32e146167bbafd5d28027b30ba16376a6f58bf30cfd61ee69ebf60695179b03`
CRC32	`39BFCA12`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	88ae3a936ebed0a5_danish kicking hardcore masturbation fishy .mpg.exe
Filepath	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish kicking hardcore masturbation fishy .mpg.exe
Size	890.8KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`29ad37a83ebba3f5cdaf6a3557a22573`
SHA1	`48e786c827e657549bc33ff7da38fac4e92f9b5f`
SHA256	`88ae3a936ebed0a5120a271a6ce0c6e4725ba1d88e838ef0641ee45f872f11bb`
CRC32	`B15904A6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	52c6165045a75eae_tyrkish horse trambling hot (!) .rar.exe
Filepath	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\tyrkish horse trambling hot (!) .rar.exe
Size	227.4KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`feed4d4f706ef43c7bf433e680b556a6`
SHA1	`64f60ee2ba207d9fd7665753949316377e317526`
SHA256	`52c6165045a75eaeb5862ed38347900d4e8e79dba6680a0daf8705a92e9f24a5`
CRC32	`B28C405F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a8e10ebbede4f8ca_lingerie licking (curtney).mpeg.exe
Filepath	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie licking (Curtney).mpeg.exe
Size	1.6MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`48131b99de03bd96f4fcbe0c4441d5fa`
SHA1	`0b7e8c4802dd9eb29ab68ba8f46ddf6c9c8a9a61`
SHA256	`a8e10ebbede4f8cabf4c2076011df06b7e76dcc5d0cd2e54ca4a169d6243858b`
CRC32	`6929F32C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	190b98d9030c85e2_trambling sleeping feet .rar.exe
Filepath	C:\Windows\SysWOW64\FxsTmp\trambling sleeping feet .rar.exe
Size	1.7MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c7eb45fe5633c196427a641f15b4844b`
SHA1	`6d0a800e5fbf3b696beef1335405edd1658bcfd2`
SHA256	`190b98d9030c85e22f44a7ea74ea1bb39491ee9cd1150c8b0b3568b5a9ea54f6`
CRC32	`8BE374FC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5378da666ece291f_blowjob full movie glans .rar.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\blowjob full movie glans .rar.exe
Size	712.2KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`720b02b015d56c046988f08d0c7dd33d`
SHA1	`7ec3a42a2a1de019b9ba6a25926a06a534c6f53a`
SHA256	`5378da666ece291ff9d7f04d087cf932d913d4c1b9c2cb662b4d0272c0139ee2`
CRC32	`E84D3EFB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e64d4d057f3e93d3_danish animal xxx sleeping penetration .zip.exe
Filepath	C:\Windows\PLA\Templates\danish animal xxx sleeping penetration .zip.exe
Size	208.8KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b0e69806d6953539da9cca46e9c7fea0`
SHA1	`0ab90daef25b92bf944055ca57176ec98a9128c7`
SHA256	`e64d4d057f3e93d36e19702dc58bf1ef3001ff9eb357afbc733dec311c2349e7`
CRC32	`871A18E4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	52ac27967175f2e3_danish cumshot sperm [bangbus] traffic .mpg.exe
Filepath	C:\Program Files\Windows Journal\Templates\danish cumshot sperm [bangbus] traffic .mpg.exe
Size	1.2MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d393f2680099d27c423e63022f7f5285`
SHA1	`e272cfe2986d05687bba84bde98086dfbefea2c4`
SHA256	`52ac27967175f2e37a5ea344c7bac3364f6c2dea4047d4973b7ba9aa26ac75c9`
CRC32	`E9BDC719`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	11fef5de74c38ee4_lesbian catfight titts penetration .rar.exe
Filepath	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\lesbian catfight titts penetration .rar.exe
Size	591.7KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0970463c8b75114ed10623a89ac424d5`
SHA1	`9be78f290d4226a5675b8fb08238b126ca623801`
SHA256	`11fef5de74c38ee4af870e67cfc7301aa460746c16e7a79f866cc4c19d1fc606`
CRC32	`D250ACEA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7f438a722521de03_lingerie sleeping hole femdom .mpeg.exe
Filepath	C:\Program Files\DVD Maker\Shared\lingerie sleeping hole femdom .mpeg.exe
Size	540.1KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`301e70fd8bd134316982f5e05b27078d`
SHA1	`6d24185d063a66b2939bf0d6b6041bb9dca3260a`
SHA256	`7f438a722521de0313c087ab344039e54f3ebc4af3fa11a9d424b3c9d56bf8ca`
CRC32	`A68E7621`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ec3f04565519f7a3_american cumshot trambling voyeur (tatjana).avi.exe
Filepath	C:\ProgramData\Microsoft\Search\Data\Temp\american cumshot trambling voyeur (Tatjana).avi.exe
Size	664.9KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9ae772b9ab2d1ca7b23d367a6bb7d188`
SHA1	`f789423e269de64720d79f302b40d626e7d151e5`
SHA256	`ec3f04565519f7a33a5723dd0f023601066dbea443fd4de21363568ece802bc9`
CRC32	`50FBD37D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8d06ce4728a07fe3_beast masturbation swallow .mpeg.exe
Filepath	C:\Windows\SoftwareDistribution\Download\beast masturbation swallow .mpeg.exe
Size	1.1MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`78f150a69c6d9673c6d168779c7548f1`
SHA1	`86356aba131032b4acce8f9d9d1d916fb0a02b42`
SHA256	`8d06ce4728a07fe33afc961c601596b0ec7f612e8d514791b186ba470466eee6`
CRC32	`921928A5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0a9eda340fe15343_lingerie [milf] titts (britney,curtney).mpg.exe
Filepath	C:\ProgramData\Microsoft\Search\Data\Temp\lingerie [milf] titts (Britney,Curtney).mpg.exe
Size	843.3KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`109ff9ba503c17617d2b4840170fb27d`
SHA1	`c4790bd060415c8945ffed602d02e3963674d26a`
SHA256	`0a9eda340fe153432e2bc21a58f8ff7b8abc2682ea4066dd1b1c6dd49c908f51`
CRC32	`B7A0FDC7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ce5a62e4617e557b_hardcore sleeping hairy .avi.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\Downloads\hardcore sleeping hairy .avi.exe
Size	377.4KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e4fff672748e8df1862153028aba1e54`
SHA1	`f90c76b4994ceac289843154b1290615403f4c36`
SHA256	`ce5a62e4617e557b3d82581c2927648f85df1aa616e59656fb7da9ca7d010762`
CRC32	`F6D1E54A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	821c2ffed1385bb3_fucking licking .zip.exe
Filepath	C:\Windows\assembly\tmp\fucking licking .zip.exe
Size	1.5MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ca403ae78584a087ce53fab39b67a9d5`
SHA1	`45ac31102bf29a769f1bc4f966bdce4674707067`
SHA256	`821c2ffed1385bb30c9e5526290d11fda07e49f0caa99be7790cf84845a58de5`
CRC32	`255E2F1C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	280baa24f4680576_trambling big penetration .avi.exe
Filepath	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling big penetration .avi.exe
Size	1.9MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d1712c826e0c2d3c0c9c38ccc886a36b`
SHA1	`91083de6e210925075928ddfd3ae2b811f57f653`
SHA256	`280baa24f46805760a0b80efe6d3f2644f99dff7283991de81fc63150bc10448`
CRC32	`9E19BAA6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1128bdb9f1eb2cb9_brasilian fetish lingerie full movie hole mistress .mpeg.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\brasilian fetish lingerie full movie hole mistress .mpeg.exe
Size	715.9KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e97c33851e332d17003eaa50b113e236`
SHA1	`5aee7c9d469d7f295db37d3c3b1b0bf724965875`
SHA256	`1128bdb9f1eb2cb9f84def9d2a151dae9532bdc071a93f771d50a34cfab34320`
CRC32	`FDEAF31A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	101ca80dd85093eb_lesbian uncut feet .avi.exe
Filepath	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\lesbian uncut feet .avi.exe
Size	977.6KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`059b65b3016417fd7ef928506f08b67e`
SHA1	`9aa768df321b46b8aaed1c1325b986f697fa47c8`
SHA256	`101ca80dd85093eb9fe070ce4cdfa4cc53d5cb28c86a2e4a754120f26f064e3d`
CRC32	`4EC9B4F2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ac561f3c1ed9281d_american horse gay sleeping balls (christine,sarah).avi.exe
Filepath	C:\Users\Administrator\Downloads\american horse gay sleeping balls (Christine,Sarah).avi.exe
Size	180.3KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c847b1faf7069618cced323470844b06`
SHA1	`7579c7d174a87fb99a900281f9235efac9978dd5`
SHA256	`ac561f3c1ed9281dc350e72363eda7526c3a9b214bbc0f8adabbb258f4f0b67d`
CRC32	`84252FA3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	745b86f5795a3c99_swedish kicking bukkake voyeur (sarah).rar.exe
Filepath	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish kicking bukkake voyeur (Sarah).rar.exe
Size	1.0MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9db95e659cfdb3504b3d93c992594360`
SHA1	`0e93c755c958c565b8b2b560ddfc8e7f397f66e0`
SHA256	`745b86f5795a3c99b3b46c1ab7729af7ee4303d8420a03fb3932e102ffa6a5dd`
CRC32	`CB39765E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a056f6e6b50c5c52_black animal blowjob voyeur (curtney).avi.exe
Filepath	C:\ProgramData\Microsoft\Network\Downloader\black animal blowjob voyeur (Curtney).avi.exe
Size	649.6KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`37f97a46c6fe449fc4416f9ed7a16d29`
SHA1	`ee87c1dcd92c7422fd4c36e3a4a217cfe427df10`
SHA256	`a056f6e6b50c5c524c29b5692a9659a0431ca13adddb9e8a2134da77e3912d65`
CRC32	`180CEC71`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	63a94656363c391c_russian cumshot xxx [bangbus] .rar.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cumshot xxx [bangbus] .rar.exe
Size	1.9MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8b35969534daceb7a64e219d24c6a644`
SHA1	`ead7a8db43e36594b6651a1970f42f2851ce731d`
SHA256	`63a94656363c391c4cfa28278a662e25e48769c5234d283ad4dba5f8e5b198c5`
CRC32	`DA0F2B92`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3c350f9b86d1ac65_danish horse gay girls .mpg.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\danish horse gay girls .mpg.exe
Size	1.3MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3a7e5aaa94f3b07d109f58c6662a2392`
SHA1	`621a9284e74b032062131c0d0d52ad0ead95102d`
SHA256	`3c350f9b86d1ac65ddd8051741ee9674739adbeaabeb80dd28c3d2bc24904adf`
CRC32	`B8B3BCC8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	40aaf83a992e1250_blowjob [bangbus] sweet (sonja,jade).zip.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\blowjob [bangbus] sweet (Sonja,Jade).zip.exe
Size	1.9MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1c8e6912be7517344361f92a787164a9`
SHA1	`3390bb21cdb884a3e3a1286a1cbe4661c4368703`
SHA256	`40aaf83a992e1250d64e8e11ac3a7357da493552102f4a446ba94beeda47d9e6`
CRC32	`90DC4A7A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	17256171c6e82b9c_russian action beast sleeping pregnant .rar.exe
Filepath	C:\Program Files\Windows Sidebar\Shared Gadgets\russian action beast sleeping pregnant .rar.exe
Size	1.5MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ea2b97903c670a758fcda3e12d91fa78`
SHA1	`857c2f277023fe205cca8af771ea1f7a59d2157f`
SHA256	`17256171c6e82b9c2cd7b397311c7ee02cb0e6e9d041aee2d21412c59318b6d9`
CRC32	`4145B849`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f35bdac32409c029_danish beastiality hardcore sleeping (sarah).rar.exe
Filepath	C:\Users\Default\Downloads\danish beastiality hardcore sleeping (Sarah).rar.exe
Size	601.8KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6c796a94f82fd672ebb1f41d1d6d1177`
SHA1	`9dbb1773d2e3c2cc563bf97430301318a2ab006d`
SHA256	`f35bdac32409c029adaafcabea9f1081d4356a2eaac313accedeb318ddb61682`
CRC32	`4960E03B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	971d32721e4f7b0d_fucking big titts mature .rar.exe
Filepath	C:\Windows\Downloaded Program Files\fucking big titts mature .rar.exe
Size	1.5MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9b5cf7b97e0457e168486ebb70c2cf84`
SHA1	`956fd1c24b1d5ba2884e00915ea06d2061020888`
SHA256	`971d32721e4f7b0d94a338e83c4364f0c2c83c53045b3598d8f551500201c52b`
CRC32	`A44FF02C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e7aa05065f9bc1e8_russian beastiality fucking full movie hole girly .mpg.exe
Filepath	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\russian beastiality fucking full movie hole girly .mpg.exe
Size	2.0MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`75def9ff3f249b7965a11eefec14cf82`
SHA1	`4e6d52f9e27ab50a48a4c3bbd7ac33ebf3dd8d91`
SHA256	`e7aa05065f9bc1e8a9728d09a162842b2369359151910f21298b81af7bf82700`
CRC32	`4B54B040`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f732cea54c0d8540_swedish action hardcore hot (!) glans granny (curtney).rar.exe
Filepath	C:\Windows\SysWOW64\IME\shared\swedish action hardcore hot (!) glans granny (Curtney).rar.exe
Size	836.8KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a8960d33b230585e0cb91f4c28a25d48`
SHA1	`b548fe9e16bd65a1a61bbbd15d0046e4eec87301`
SHA256	`f732cea54c0d8540f15a9fa80ce23f7e7101e6badae685541df25eca24b84863`
CRC32	`3A4ED4BC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	78f33e8725f971d3_indian handjob xxx full movie .mpg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian handjob xxx full movie .mpg.exe
Size	966.4KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4c57e92bbad1821dd295257e73959562`
SHA1	`d8215bca0b5140bc704ea78379b5ed9efbff84ef`
SHA256	`78f33e8725f971d3feac2d955cdc1f4baef3a016c3f9923333c05ec386453341`
CRC32	`8E3725F1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	502da59ed18c6dbe_swedish animal fucking [free] feet 40+ (sarah).zip.exe
Filepath	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish animal fucking [free] feet 40+ (Sarah).zip.exe
Size	383.2KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c87ec5cdc5787220a99cad3acb00c797`
SHA1	`396806a8eabef061503fd9b0ea90d17f21c11030`
SHA256	`502da59ed18c6dbea37c20c612d177814306dd2e4a461efe5c95aff79afefa5e`
CRC32	`E350B2A0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f517dd8a1f9894c4_tyrkish cum trambling full movie wifey .mpg.exe
Filepath	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish cum trambling full movie wifey .mpg.exe
Size	357.7KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4f793d99af575c12a3385a262d54f48f`
SHA1	`ae21ff3c7d6be7e92570c8500df7a542960cb781`
SHA256	`f517dd8a1f9894c41a502db85e5ada02807042270dc3e690314563205669d1f8`
CRC32	`1B77DBF1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eaa17a5e8d523561_american cumshot fucking masturbation hole ash (jade).avi.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\american cumshot fucking masturbation hole ash (Jade).avi.exe
Size	1.9MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`86dc6f4afc16e69a44b6da465e9d42bc`
SHA1	`946dc7e9af13564e80f3267267c048925618868f`
SHA256	`eaa17a5e8d523561d9395653b287b2f7c9699e19473dd588081264d5f42f83ab`
CRC32	`E56DD5D5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9db7fac1c23510bc_brasilian animal horse licking bondage .rar.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian animal horse licking bondage .rar.exe
Size	651.9KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`61c30dde2ccbfc39d9a1df907f53f447`
SHA1	`078e6828fef51a0648de5dcebb7bfb2f9fdba392`
SHA256	`9db7fac1c23510bc0b5bebbf8c0d5ea3eb079e0d3b84bc806f77028b1fd15ec2`
CRC32	`3051DABF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37ebb8c4b091598d_mssrv.exe
Filepath	C:\Windows\mssrv.exe
Size	1.9MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`372a3f7bd5b2d31ef17956c838cd86d9`
SHA1	`4d5ad1e74e8d29baf9820d3df883785dd4fcae47`
SHA256	`37ebb8c4b091598d1bcde9cfe448f8c2a4978ce426b0ce80eb4065512356a29c`
CRC32	`2C596F70`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	504f82f640a59183_fucking big feet .zip.exe
Filepath	C:\ProgramData\Microsoft\Network\Downloader\fucking big feet .zip.exe
Size	675.7KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0cfad8dc1b40c295807d1134024ffb5a`
SHA1	`9dc680bfb3972666b280f423370abd7ad92f89cd`
SHA256	`504f82f640a59183534a24df718f3ed68d73dc6b70f84ddfc03befb1e5759b1a`
CRC32	`8BCB0891`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7a4c9b598edf13df_danish nude bukkake hidden feet .avi.exe
Filepath	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\danish nude bukkake hidden feet .avi.exe
Size	726.6KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2242b80b01ba5cffde6994110d7f995f`
SHA1	`f981d84d32ce6e0550b11d24f47767dd6462bcd4`
SHA256	`7a4c9b598edf13dfa9d94780733dda9fc5e6cd817fe22c6fc10caed47ffaa569`
CRC32	`90B34321`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	366b82d0567beec7_danish cumshot bukkake voyeur swallow (ashley,jade).rar.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\danish cumshot bukkake voyeur swallow (Ashley,Jade).rar.exe
Size	1.0MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bec3ac78b7c0f3a5c5497a5446eec966`
SHA1	`8c4e8a4256155f662265eeb7cd2908728f1d21fa`
SHA256	`366b82d0567beec7814c8207307c6a9405c6394187ac8f9a02448be579575a22`
CRC32	`0530EC03`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	daef0ce815634615_swedish gang bang lingerie [free] hole girly .mpeg.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish gang bang lingerie [free] hole girly .mpeg.exe
Size	1.1MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`754cadfb98bdcf4b6c618d7bb7856fe6`
SHA1	`135edec2aba1205a5c3e4a189ebd524105d04c6b`
SHA256	`daef0ce815634615505a5002b0e7a906a3561bada0c9a00cfda17776a8072f20`
CRC32	`2B32D77C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	249383c9a07a32aa_swedish beastiality blowjob [free] cock granny .avi.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\swedish beastiality blowjob [free] cock granny .avi.exe
Size	2.0MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3f51f59146cf3ff790f892ab5b60d4ce`
SHA1	`0784d12c74a6609bf2336510ce609c1b88a8c35b`
SHA256	`249383c9a07a32aa28c64d6153a5db2450ad623b384a22d32d0dddc8dec1ac63`
CRC32	`763DF8FF`
ssdeep	`None`
Yara	vmdetect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	246fd532ee41c04a_swedish nude lesbian licking titts sweet (jade).mpg.exe
Filepath	C:\Users\tu\Downloads\swedish nude lesbian licking titts sweet (Jade).mpg.exe
Size	1.4MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e733f3ff276112de8914449c97715268`
SHA1	`166bf498ecb18337b3e5f7b69ced15b8455dc2a2`
SHA256	`246fd532ee41c04a1f47d584d8aad1981890b81cef6f722a688c4cc676e2b9d3`
CRC32	`5D6A2978`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cfbcd429f506038f_russian action trambling licking feet mature .mpeg.exe
Filepath	C:\Windows\SysWOW64\IME\shared\russian action trambling licking feet mature .mpeg.exe
Size	518.5KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`abc2ecd230a7681183b2d756333df19b`
SHA1	`1ba0d49c3150bc197665623c5c8c4aaa986bd4d4`
SHA256	`cfbcd429f506038f2722748013df4f9df792ac18f8060a34ee1125bd304a456c`
CRC32	`7C3CF2F5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	459b07522810d4e3_japanese porn beast sleeping cock .avi.exe
Filepath	C:\Windows\SysWOW64\FxsTmp\japanese porn beast sleeping cock .avi.exe
Size	1.1MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`873fea6a55dafb6b7d87c53b3159a7d3`
SHA1	`8b1c7f41a53dfea14a372af0208d70cc5c9084b6`
SHA256	`459b07522810d4e3aa34fca20e37075db4fb54abc2f3de2948136146a552c4cc`
CRC32	`1803CCA9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	31a213904b87b0b0_hardcore voyeur (samantha).mpg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\hardcore voyeur (Samantha).mpg.exe
Size	1.8MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cac26623858c42b3a6f613b48f6989d2`
SHA1	`b8d63fe6b63d70e74b862ef1e8f715f0991472b7`
SHA256	`31a213904b87b0b052ea0908a3c1854e993509dac1e595e06d9ea4501ddd4c89`
CRC32	`21AF7DFF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	991437fcdb65fbd4_american gang bang hardcore voyeur hole .mpg.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\american gang bang hardcore voyeur hole .mpg.exe
Size	1.1MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5a6dc2e69c40c8993b92cdf04b163fa7`
SHA1	`d7179bffa98db30b83b477833ab9c179c929a492`
SHA256	`991437fcdb65fbd4cca43f605b66628bc3d66b286be38665361180d765a96dae`
CRC32	`8564006B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	64bbd262a6e639af_blowjob big .rar.exe
Filepath	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob big .rar.exe
Size	521.9KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b785e87f58ce3b275bfcddf173c81844`
SHA1	`f399d435905ca455ef829ecc658647b2eb39ef2b`
SHA256	`64bbd262a6e639afa8e70187b3f6a6b631360215694c03766b042db73ad199c2`
CRC32	`26D93A28`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	05150e960807f861_danish kicking fucking masturbation bondage .rar.exe
Filepath	C:\ProgramData\Microsoft\RAC\Temp\danish kicking fucking masturbation bondage .rar.exe
Size	1.5MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9dac9b83041e5fff44d1a6270a29743d`
SHA1	`c3fe0e97fb2280ad7418fa7037bb4935fe94c5ec`
SHA256	`05150e960807f861a01b0d35b8c80c41f12f839c743a672e09a2df4f8bd6f5a8`
CRC32	`23BDE91D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a2a962521af787f8_debug.txt
Filepath	C:\debug.txt
Size	183.0B
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	ASCII text, with CRLF line terminators
MD5	`176f759e6944746986451c71eb036c9d`
SHA1	`db5c8be2cdad595055b625b6d80eb0bf21feca6b`
SHA256	`a2a962521af787f87c5a283afd831404d3fa0f9f3b344feb7a91f1468fd454b4`
CRC32	`5E54CD68`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	60cbacf2344ed52a_russian beastiality trambling hidden bedroom .avi.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\russian beastiality trambling hidden bedroom .avi.exe
Size	1.3MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`16bb37d23a73f4619e5049cc3cb7f217`
SHA1	`e7a2095002443013a49164cd54f2f71c714f1c21`
SHA256	`60cbacf2344ed52a20f5273492ba4e44c7a0e339295f35fe34c0c9b81f4a40b2`
CRC32	`8A7D8043`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4f94f19812e8efe9_brasilian nude lingerie public hole beautyfull .mpeg.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\brasilian nude lingerie public hole beautyfull .mpeg.exe
Size	1.4MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`59d32fc197a573821ea0f47e417aecac`
SHA1	`56cdc37e926d3ac0657172c5285466aa96965811`
SHA256	`4f94f19812e8efe95596862e39a413fa2cc7a55971cff9b333d0ca811a55f8f0`
CRC32	`0F5638EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	20753bfb85ceb5f0_hardcore licking (janette).avi.exe
Filepath	C:\Users\Public\Downloads\hardcore licking (Janette).avi.exe
Size	1.8MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c84a39f06c471e73a9ee0f4046a1dfd1`
SHA1	`9a64608c6ea5cb2b6aff51bf47daf9dae39fb6dd`
SHA256	`20753bfb85ceb5f0b036e37e30e8960ccc538563433f41413f187beb357e6486`
CRC32	`B32347FB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a2d549100465b3c6_brasilian cum blowjob sleeping mistress (ashley,tatjana).mpeg.exe
Filepath	C:\Windows\Temp\brasilian cum blowjob sleeping mistress (Ashley,Tatjana).mpeg.exe
Size	1.2MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`45a580d0bab2eed4b2e7d7ccacd799e1`
SHA1	`86d50862c7db3b6b307c242d9eee7772a5c2549c`
SHA256	`a2d549100465b3c6434838915c86f4e4220f15a92d179c3024ebbd263d519886`
CRC32	`9978FC15`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7dd0d96040aba15d_italian handjob xxx hidden 50+ (jenna,melissa).rar.exe
Filepath	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian handjob xxx hidden 50+ (Jenna,Melissa).rar.exe
Size	1.6MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8b118c8c62529b92f8b12a6e59f680a6`
SHA1	`731761db27d669b933689173e517ab05570f7e50`
SHA256	`7dd0d96040aba15d1e0bb5b9ff9b0f3b55e15bc5766b3fee1b188c4d6ff12e78`
CRC32	`820EC55B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	693cf8b001c4c555_beast sleeping titts .mpg.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\beast sleeping titts .mpg.exe
Size	783.8KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c2e7778f2ebb21b29db9290da7fb9c73`
SHA1	`ee26a3c0593ef738dd0bf0df8a47164381ae74ab`
SHA256	`693cf8b001c4c555ca89ba5c311b686688dfa57df1f4df9bd865e63fbbb60ec4`
CRC32	`67C1E181`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	48c2373283cbcbf9_fucking hidden shoes .avi.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\fucking hidden shoes .avi.exe
Size	727.9KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2cb0fe844ec317e7aa0f7ed8de55c5ee`
SHA1	`3616f3b06f6fe5c7e8857ba379b7ab031cf75a1f`
SHA256	`48c2373283cbcbf961d19633ebd7e91f16b92373039fbb052dce2535af929c71`
CRC32	`590A782B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f970aae2f5038fb6_horse sleeping cock boots (curtney).mpg.exe
Filepath	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\horse sleeping cock boots (Curtney).mpg.exe
Size	818.2KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`46e71d08f9b653ee53326360e81a0c08`
SHA1	`3f25b4ae7e0ea64c80c52c907012403506bd93c1`
SHA256	`f970aae2f5038fb610c8a5db96ce9dec4243e8fe2769b194142f8b3d8cab46eb`
CRC32	`325A5EEE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	791b3cc5363ee07e_hardcore girls titts .avi.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\hardcore girls titts .avi.exe
Size	1.8MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`557dd20aea4996428fa56b78077e57a4`
SHA1	`ec050e7fe20e97f635960a508f8e2a844d753195`
SHA256	`791b3cc5363ee07eae51eb432d97c7452f4cf29cc4365271e1ac101b3c38477d`
CRC32	`17CDB964`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8780872a37b1270e_russian cum sperm big 50+ (sonja,janette).mpeg.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\russian cum sperm big 50+ (Sonja,Janette).mpeg.exe
Size	138.9KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a73c64ce295bbd834f1d39ac0402da32`
SHA1	`280c00c3f01ad0c31347cc576aade89bcac99309`
SHA256	`8780872a37b1270e02a4472d21754e62f13f09fe1bafb3b04c778f2c951dafd7`
CRC32	`C187FA31`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6329054291cb2f07_brasilian handjob xxx masturbation cock penetration .rar.exe
Filepath	C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\brasilian handjob xxx masturbation cock penetration .rar.exe
Size	801.6KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d88411ef7818057e9f7d3397e53b76bd`
SHA1	`3308a602b26661c78854536787a903aeeb214f60`
SHA256	`6329054291cb2f0707386a33d1d679ddc3e39aa327dbfcc008e8a92d7495d02e`
CRC32	`A731BDD5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b4e2001f243acfd1_indian horse lesbian public wifey (christine,jade).mpeg.exe
Filepath	C:\Windows\assembly\temp\indian horse lesbian public wifey (Christine,Jade).mpeg.exe
Size	472.4KB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`46a3bf2a0d380078808347f22faf6e53`
SHA1	`2cf5d9a0e156544a5f725c012ce277b41f5a8d90`
SHA256	`b4e2001f243acfd1d14313f83e215d6625463b06df052bf3c3f936beb1bb5f30`
CRC32	`5BC73851`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	75d38302a6e5b830_japanese cumshot horse hot (!) beautyfull (anniston,janette).mpeg.exe
Filepath	C:\360Downloads\japanese cumshot horse hot (!) beautyfull (Anniston,Janette).mpeg.exe
Size	1.8MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`34fdb6fbfd0828d12d4a96936bf22bde`
SHA1	`87132d4be23b63b6cfec6f438929c2c48e8aafcc`
SHA256	`75d38302a6e5b830eaef3c799cfd64d4c299d69b268cdd47f2b04db453092d00`
CRC32	`C7A86F59`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	468f4259b5c31508_indian nude gay hidden .zip.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\indian nude gay hidden .zip.exe
Size	1.3MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3fc18fb5628350b03434835116364435`
SHA1	`ec33aa4d2e845a73ccf00a33efcd992a7c156a54`
SHA256	`468f4259b5c315084810b7f5e8166466857d351433bd6f29d94ea1dbe4b11229`
CRC32	`517D5F8E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e0dc8fadc33d180e_russian cum hardcore sleeping (janette).mpg.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cum hardcore sleeping (Janette).mpg.exe
Size	1.7MB
Processes	616 (0406dfa4adec389aa2a364b981121f163a6b18e1fa27ec9c5727e0c783993459.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`85a9a23dd181236afced08bf33bb57b3`
SHA1	`3ddf7ab2f35af5aba6af1c1088eff0c466a4d5e5`
SHA256	`e0dc8fadc33d180e196a4f657aab1842c568f0d38c82133e7ca32c67485e9f6c`
CRC32	`73340837`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.