3.8
Medium risk

0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea

0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe

Analysis duration

134s

Last analyzed

383 days ago

File size

144.1KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WINSXSBOT WIN32 TROJAN WORM
Hawk-Eye engine
DACN 0.14
FACILE 1.00
IMCLNet 0.80
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Malware-gen 20200405 18.4.3895.0
Baidu Win32.Worm.Agent.fj 20190318 1.0.0.2
CrowdStrike None 20190702 1.0
Kingsoft None 20200406 2013.8.14.323
McAfee W32/Generic.worm.f 20200406 6.0.6.653
Tencent Malware.Win32.Gencirc.10b07aee 20200406 1.0.0.1
Static indicators
Queries the computer name (6 events)
Time & API Arguments Status Return Repeated
1727545357.172375 GetComputerNameA computer_name: TU-PC success 1 0
1727545357.187375 GetComputerNameA computer_name: TU-PC success 1 0
1727545357.187375 GetComputerNameA computer_name: TU-PC success 1 0
1727545357.203375 GetComputerNameW computer_name: TU-PC success 1 0
1727545359.453375 GetComputerNameA computer_name: TU-PC success 1 0
1727545359.484375 GetComputerNameA computer_name: TU-PC success 1 0
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (50 out of 77 events)
Drops executables into the user's AppData folder (20 events)
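Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
The binary likely contains encrypted or compressed data, indicating the use of a packer (2 events)
section {'name': 'UPX1', 'virtual_address': '0x00012000', 'virtual_size': '0x00009000', 'size_of_data': '0x00008800', 'entropy': 7.943864614025493} entropy 7.943864614025493 description A section with high entropy was found
entropy 0.9855072463768116 description The overall entropy of this PE file is high
Repeatedly searches for a process that is not found; you may want to run a web browser during analysis (50 out of 231 events)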
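The executable is compressed with UPX (3 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
Network communication
Communicates with hosts for which no DNS query was performed (16 events)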
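A process attempted to delay the analysis task. (1 event)
description 0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe tried to sleep 1682.272 seconds, actually delayed analysis time by 1682.272 seconds
Enumerates services, possibly for anti-virtualization (50 out of 12192 events)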
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 reg_value C:\Windows\mssrv.exe
Creates known WinSxsBot/Sfone Worm files, registry keys and/or mutexes (1 event)
mutex mutex666
Generates some ICMP traffic
File has been identified as malicious by 60 antivirus engines on VirusTotal (50 out of 60 events)
ALYac Generic.Malware.SP!V!Pk!prn.D46E2DC4
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Generic.Malware.SP!V!Pk!prn.D46E2DC4
AhnLab-V3 Worm/Win32.Agent.R234001
Antiy-AVL Worm/Win32.Agent.cp
Arcabit Generic.Malware.SP!V!Pk!prn.D46E2DC4
Avast Win32:Malware-gen
Avira TR/Crypt.ULPM.Gen
Baidu Win32.Worm.Agent.fj
BitDefender Generic.Malware.SP!V!Pk!prn.D46E2DC4
BitDefenderTheta AI:Packer.AAAE805F1E
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Worm.Sfone.A3
CMC Worm.Win32.Agent!O
ClamAV Win.Malware.D46e2dc-6911509-0
Comodo Worm.Win32.Agent.CP@42tt
Cybereason malicious.3aff08
Cylance Unsafe
Cyren W32/S-587afbdf!Eldorado
DrWeb Win32.HLLW.Siggen.1607
ESET-NOD32 Win32/Agent.CP
Emsisoft Generic.Malware.SP!V!Pk!prn.D46E2DC4 (B)
Endgame malicious (moderate confidence)
F-Prot W32/S-587afbdf!Eldorado
F-Secure Trojan.TR/Crypt.ULPM.Gen
FireEye Generic.mg.ab349593aff08e41
Fortinet W32/Agent.CP!worm
GData Generic.Malware.SP!V!Pk!prn.D46E2DC4
Ikarus Worm.Win32.Agent.cp
Invincea heuristic
Jiangmin Worm.Agent.tt
K7AntiVirus Trojan ( 0051918e1 )
K7GW Trojan ( 0051918e1 )
Kaspersky Worm.Win32.Agent.cp
MAX malware (ai score=87)
Malwarebytes Worm.Agent.666
MaxSecure Poly.Worm.Agent.CP
McAfee W32/Generic.worm.f
McAfee-GW-Edition BehavesLike.Win32.Derdero.cc
MicroWorld-eScan Generic.Malware.SP!V!Pk!prn.D46E2DC4
Microsoft Worm:Win32/Sfone
NANO-Antivirus Trojan.Win32.Agent.hakuu
Panda Generic Suspicious
Qihoo-360 HEUR/QVM18.1.60F9.Malware.Gen
Rising Worm.Agent!1.BDD2 (RDMK:cmRtazrX2leNSnYJdrNoxX0eJKAv)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Agent-AGQR

PE Compile Time

2006-03-03 01:50:37

PE Imphash

bc5994e55cbe4fadd0cc6ce15d753e0a

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00011000 0x00000000 0.0
UPX1 0x00012000 0x00009000 0x00008800 7.943864614025493
UPX2 0x0001b000 0x00001000 0x00000200 3.310390012806202

Imports

Library ADVAPI32.dll:
0x41b08c RegCloseKey
Library KERNEL32.DLL:
0x41b094 LoadLibraryA
0x41b098 ExitProcess
0x41b09c GetProcAddress
0x41b0a0 VirtualProtect
Library MPR.dll:
0x41b0a8 WNetOpenEnumA
Library SHELL32.dll:
0x41b0b0 ShellExecuteA
Library USER32.dll:
0x41b0b8 EnumWindows
Library WS2_32.dll:
0x41b0c0 gethostbyaddr

L!This program cannot be run in DOS mode.
cst11w
MnwPGuK@A}
7{E^`N
jP}YoH3?
.3D wL
-@H]X?
Ur`qe!
m[FSR`$#y
a\e5co
=LKOtR
]Z R0Ge0
ggBR!'$(%duD'b
*i+h [h]
Qt@\ZDDGK
]I#[f!BTZ)=P1ZLM]\U\v+&+
;l?Y7cRf
^pS&_h4!&A9r
jXZGD;HT{
M)N^WMVh>d
XGwpM>;}H
!j.([xQ
%`]!*'W1
T.m1QGNm'
[X/>Y!
govNZ81
s)tIKt
`82p3Wi#\:
?t>Yoe2[R-I-(\
'MRr/ES
2fuv|r!l
> YV #
YN 5%vf+
@`>=j:<$f
|jW3?S]
^nTEJs
[RPk|.=}Qi$cyYL
.W\rz!(N.Ab!x<]
^'~?(#P
ou80y\\=
IT:b"L
o3RjC+MS
bpFhMV
mdxjSkVk
O!DH!w
a6wv)M1
BMT@y83tV,L
xUD;OvtW?
qw|0*aM
5;-bvI`
./ksF6x
}J@}Ylc`Y
DV4WEfH
["RN,vS>^6} N
)@>2La&->U
IYbI).A[o
)%cBp"
f1Y7RH
U!2[7|f
vNtc{y3\
W>qshVU
7d"5Vwq'A
oaG,*
L1XGq6r6lZPc
T7YNI].-yB
p:AY8M
COtZq1
Aq#|EA
Inh[7P
";hTz7L
WF"!lO
A0Nc,c
CE}y`5VVQ
o:Y[J}:&gb
4^fd;y
XtnpiwP:g
:4n-G<
Z 1lOJ
fYYzFIcH z.
z=Z$7P
zBCAfP
%JPb"I/ww(
mt@=u#M'JTI
&X^IL=v"y
[7]ra,}5U
X\534V
,GrR>8g%C8
,BD4q#x
Yi\)~U
hwqE".
n-1#2 k
_Iw3N$
5J?c] ||3VzQKe]
^uKkSd)Y/g
Wdt'h;
x~L`MOG)A)B
336P^\1~s\G
;M'pO3
tS3%2/z~e=HW\}
O-Wg9aK
3*+&)Um
wj)WU?0
6gWjq<".
Gz1LGtx
0`t]lb\
-%V"wz}zg|D
r\lwGF2$n
,P<`.9
/(`_s4&&4Gecs
~aw%"VO2x<#*R/t1
B|qWre(4>'
!_nY1Jg0
fa>j!?
cI6a/p
V\f-1rJA
ZZrzM_AeI8y`
Z&BR@'
OCQ%oPRmGizKTG;mt0
BrauYlP
?:kRz'R'
j#??6Zp
),)HUl
:z"[r&B$
Q\8Gwm[v2djdyB
^b*)C?K^
F1ZW_-x
KembR+
:W,Y2E_
i1!2&z
e95/W@>
00L!=W0
?Q~BUQ7ZQ
^>9]nr
[V<m`~
=_U,h`>
'HBIY$6+28)5##1OXW
l/{Fku
pioJ%JS--J
;]N%+%
i>lyS
R:'9g g
AAI<[QNDGR
C0*::}<(VKS
#n1^PT
D?9sU)
~{m5-apB\J@l
*"'p5Z[_
^}b#w[
2}F#WIa
`ua8j-
yH=1qgzl
h3YE/8
AbJk6]
pJS?9:#f/
hhrolyfRoL#R6l7~O"
FGt3pYYs
qT;UA6
t&#~HgJt(}
g~G.gY
]+R$8"{
GQqp+4sCq
))Oq([iP
`$|.w;
i^Rr~q0?
&_r70#
1 Yf`@jANqF
^&yV4uSs
;Z.23)Jy)3%]FX
m8GktKuF))d
LQe1S*|
_+p Rsd
WXU:3by
Y5{=hWtBr
;X7@ZE<(w/A
G[h#>X
i7#Ozu
pEC"\)j<9jEz
_-hRB5
>MJ#z_0>z
'MdtE5
s1\%F}-YkH}y
yX9r/z
mt?[)m
.&Mw3O
uG32f]
7z5s).
.Uh;Q]
/Tpab1
!e^D"HyR
T&'`G
3mtWpS
1A`9"2
+ZqoP*
ED`#bJ<
^;<];y
4Y =@p[&7Y
_~sw6w)~
)WTo!~
KX/fn()6P[\
spTW|y
M1)ADB_uf`=zi
/{v.>mN
.EyY(PP
s>9yaY7eV1
5maiy/
B2yAiZ
!Z1'_:
274bY}D2
5M}g$O
|wu47}Y
6n+xbJ
?~|2f+#fP\`M*YE
1gN0DN
k~82E#1
f~2`HrE5-
Z YhZu>u+\2o33&H
p]HY*An
|{R_8+
qM?yk:^3:Vsw4
Y'P `L>
np49unH,
GXjqo=\E
!sT)L uP8
!@m<|@Pu9S
-bBBFU
v[ncH3
Ok#)o),|
)O2=5Y_
_~8KNWN
9Mf;H5HYTH96
"[n3xQ(*z
6@TM26Uy
D+'^w}
LlTe[k(Q@|LLk
V/V>LR
21PA;63|
Is'(Ga
+E]at
mJSjCn
Wq5qPj!
M>$n1Q
Dm\[Kqq=
={ [),-
b9nbkejx"KQ2R&Z
[W"EosjM
8bfzyT
Kb'~c#aM
Fe]:CQ
8Z!Q7c
5NTl@P3
{:AV[L\k@7
Q(gFs#j
<'r(Uh/):|^o^
'{@K G
ELwt+t%
}40%yO
iow>M|c@d
aH_uI!
?UR1f~
WlhH4#l
;eS_*c9`%
Z#A"[yU]8&
>hJ(kk
[glE_YM<[
bfE5b5
k^}ExJHM
G|H,4>H=[C2xONI
6FA3;e
`:F2=.f~
Atc5/[n
|0~PCYAq
":hDF `=Mfl_B
vg^V7vg
vzg}&+_$%m/riv6
*B~%mt2#XU(
QK/*cF
/d:1N(mi*
`G{a|$pvs6C]
kMClJ)B
dFWu%eDVd0!Oug
ES[Lmy
Fw{AUSqu,OG
-M7@;)&F
D*[g9<)NSO
uw6&/3O
VO*E'|9>
E5_(Dy
-}#K5g
.l\9XX7
"g@|(QURTEL
(hXJUPEy#[
c"$alu
TT>z&;WUl
]Sn_sm(~dcYawm
f7`7%q)Os
UEqP&|*yDQ?fu|
RplX]P
Ab4uzHnL)D
ygJF6u
GgYJ|mP
$yERJ@k
7W@_)s
B>Qf6oeP!
5,KwA`K
nJ_[zTz,B.W s&
='G$/V3:
d:R?6<q;
|t-WOO
H_*a6d
K d{ 5wqaq/
~Aa)}]Mp|Vl
7j6~"C
'P&{w2r4
<?-?1]
%!*>(E
A# uzUG
QLm,dn~Q
S^T*Br}6O4MTP
DP?%H6m#
cf8uT>-=`
CD]] 0
BUrX6QFK6
:=jyn[X
>qFD=IL3dA
%iYr;i`U
Bh.v<cssU
R hw'U
9(P&4)v
!XNOx!M7
2QBqm]]
w3Qp*]
&sqL/R
S4W2J{;%?[9
bykTb.
2A0dY.gMmj
`H?[Zw
/tl~|x
Cq*%0Zo 8F
an CnMUY
ADVAPI32.dll
KERNEL32.DLL
MPR.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetOpenEnumA
ShellExecuteA
EnumWindows

Process Tree


0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe, PID: 2400, Parent PID: 2948


0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe, PID: 1428, Parent PID: 2400


0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe, PID: 2016, Parent PID: 2400


0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe, PID: 2092, Parent PID: 1428


TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 57665 114.114.114.114 53
192.168.56.101 51758 114.114.114.114 53
192.168.56.101 137 71.103.77.134 137
192.168.56.101 52215 114.114.114.114 53
192.168.56.101 52215 8.8.8.8 53
192.168.56.101 137 121.154.230.173 137
192.168.56.101 62361 8.8.8.8 53
192.168.56.101 62361 114.114.114.114 53
192.168.56.101 58985 114.114.114.114 53
192.168.56.101 58985 8.8.8.8 53
192.168.56.101 137 137.116.59.51 137
192.168.56.101 50075 8.8.8.8 53
192.168.56.101 137 140.172.245.59 137
192.168.56.101 58624 8.8.8.8 53
192.168.56.101 58624 114.114.114.114 53
192.168.56.101 137 142.150.123.179 137
192.168.56.101 62044 8.8.8.8 53
192.168.56.101 137 211.210.82.160 137
192.168.56.101 62515 8.8.8.8 53
192.168.56.101 60330 8.8.8.8 53
192.168.56.101 61322 8.8.8.8 53
192.168.56.101 137 167.13.66.216 137
192.168.56.101 62306 8.8.8.8 53
192.168.56.101 55142 8.8.8.8 53
192.168.56.101 55142 114.114.114.114 53
192.168.56.101 137 223.219.245.178 137
192.168.56.101 56111 8.8.8.8 53
192.168.56.101 137 111.31.84.145 137
192.168.56.101 58005 8.8.8.8 53
192.168.56.101 137 8.177.202.121 137

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

Source Destination ICMP Type Data
192.168.56.101 2.112.77.67 8
192.168.56.101 114.114.114.114 3
192.168.56.101 114.114.114.114 3
192.168.56.101 216.217.96.32 8
192.168.56.101 184.241.116.223 8
192.168.56.101 159.147.104.8 8

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 6fe334108eec41a9_norwegian gang bang fucking voyeur shower (sarah,karin).rar.exe
Filepath C:\Windows\SysWOW64\IME\shared\norwegian gang bang fucking voyeur shower (Sarah,Karin).rar.exe
Size 1.7MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 d3a2f5062ab5765ab5b99b2e917887a9
SHA1 eb7dba1a68d60251942d2280eeec75cf7ba89700
SHA256 6fe334108eec41a9360fad0b6ee4f29faf8bd9d9a2360b4dde0d6ffddffb7e06
CRC32 FF6EC2A5
ssdeep None
Yara None matched
Name 63a133fb4d648c64_asian nude hot (!) ash swallow .avi.exe
Filepath C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian nude hot (!) ash swallow .avi.exe
Size 1.9MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ca3e8a5488b8395d7d2feba3c9dd47d0
SHA1 28fe1ba182109c03aa9661951a6b3a0119c60485
SHA256 63a133fb4d648c6442142fa850a2c18241e7dae0b7584517d8bd2012fa183c6c
CRC32 B419A755
ssdeep None
Yara None matched
Name b53ecee3f6525fac_norwegian cum horse [milf] nipples .zip.exe
Filepath C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\norwegian cum horse [milf] nipples .zip.exe
Size 1.0MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a9365bee0abcb047d89e3d50626c8fef
SHA1 e6e57576e3767f46a456de77fcbe075224ae2281
SHA256 b53ecee3f6525fac9d43b775f5dfeaac3471e87e18e6d4efc48f3792c9ec92e0
CRC32 E1403989
ssdeep None
Yara None matched
Name 64eafbd306facbb8_debug.txt
Filepath C:\debug.txt
Size 183.0B
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type ASCII text, with CRLF line terminators
MD5 61097df268da1c54649bc9691119a473
SHA1 6761d3ef931809cd7a4b53d43b6e3241a7291932
SHA256 64eafbd306facbb849e1ff237cd3418787a51ad6e87ec1768b42d52c743960df
CRC32 BB837863
ssdeep None
Yara None matched
Name 4c9e170c1ac405d4_lesbian [milf] glans .mpg.exe
Filepath C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\lesbian [milf] glans .mpg.exe
Size 490.1KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a6597a125a05b1b31cc3b92c5672ccd9
SHA1 865bdcaea2160c41c4891e62f127544bcb4f690e
SHA256 4c9e170c1ac405d412c204f27d87d3d9b0fce34dbef854b9385e444376343ec9
CRC32 7654F561
ssdeep None
Yara None matched
Name cf063f08522ad167_african cumshot [free] leather (kathrin,kathrin).mpg.exe
Filepath C:\ProgramData\Microsoft\Network\Downloader\african cumshot [free] leather (Kathrin,Kathrin).mpg.exe
Size 311.7KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 847132841225f2fa92b3856fbc6e0256
SHA1 277377afc767f6b84e03e6a5bc62e074976f752b
SHA256 cf063f08522ad1675673f2274092d9bf101f9e8f1a16441a33ca6cd799b5a09c
CRC32 12BE348A
ssdeep None
Yara None matched
Name 5c776008511d8897_black xxx hidden latex .avi.exe
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\black xxx hidden latex .avi.exe
Size 1.3MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ca6112f516e66dad77fb7ba4881eb634
SHA1 58aa0c38e4514f5bdc57d7de2ef708646ab19fdb
SHA256 5c776008511d88970b560f2877b550ba5d7f12ef3a197ef6a12ab4ed121f80b4
CRC32 F5F17ED6
ssdeep None
Yara None matched
Name 4052c9e3e7846d08_russian kicking full movie latex (kathrin).rar.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian kicking full movie latex (Kathrin).rar.exe
Size 2.1MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 f8aceacc01eef30ca4ed958972dd1db4
SHA1 813405d5b7a2efcc2f2783aa7cf2da10d4b4e0e7
SHA256 4052c9e3e7846d0865f2c7081f1c61d3353d98139c536a20b38fa56c5dde0be9
CRC32 D510F501
ssdeep None
Yara None matched
Name be995a76f6005d0c_italian lesbian uncut mature .mpg.exe
Filepath C:\Windows\SysWOW64\FxsTmp\italian lesbian uncut mature .mpg.exe
Size 454.9KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 49f2a3fb8e4c51cfad247be17e530e56
SHA1 124abbac13ca18caf88a572116380846de7c8c3c
SHA256 be995a76f6005d0cde63dd07648fd9018a58691fdec056469156cb2921b778ba
CRC32 2E003F2C
ssdeep None
Yara None matched
Name 16dc6b1c84100e04_american nude lesbian .mpeg.exe
Filepath C:\Users\Default\AppData\Local\Temp\american nude lesbian .mpeg.exe
Size 766.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c4e2f7e7119a7e3a28a5545c51ad1156
SHA1 5d50a45802f080908c1928965a96beedd05f18a2
SHA256 16dc6b1c84100e04c3f3d0e2ff5348ae32c3983c5f64af1571c80c475c87d6b2
CRC32 F8D01353
ssdeep None
Yara None matched
Name c7eee686527c1f49_cum uncut .rar.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\cum uncut .rar.exe
Size 184.4KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 833100d016e11ec5a42857f2cfa3a2c4
SHA1 f04c5ef2e5c3685f4c511413a88b97abd45ada92
SHA256 c7eee686527c1f49ef3e42b90c41f225b988863cdd805c617984f1081a6ac4ff
CRC32 0A346933
ssdeep None
Yara None matched
Name c9ecdeaf887ae133_fetish masturbation wifey .mpg.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\fetish masturbation wifey .mpg.exe
Size 464.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 f864606fad4946998386def95617afcb
SHA1 aa8e874b55721c827280ebfa28c33f98755ddd64
SHA256 c9ecdeaf887ae133ad9417fcc173de459c316715fa15330bb3959ca7e1391f30
CRC32 B138B30B
ssdeep None
Yara None matched
Name 03fcf14fb6a6ac51_fucking lesbian granny .mpeg.exe
Filepath C:\Windows\ServiceProfiles\LocalService\Downloads\fucking lesbian granny .mpeg.exe
Size 668.9KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 2f2c47f44adeb24187a592d855b4e6b3
SHA1 9a38802d9f306012bef327859b6bd2c6f2005a4f
SHA256 03fcf14fb6a6ac51b348839589525c8d41a250b45396b7d9ce489e62d0e85b42
CRC32 990C1AD4
ssdeep None
Yara None matched
Name 837708682a8b85e2_indian nude action big .mpeg.exe
Filepath C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian nude action big .mpeg.exe
Size 1.7MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 88453e096cf6951ca5cea4c32ce98491
SHA1 3957420f9f373cc4a979b9e4658482940482f9c4
SHA256 837708682a8b85e260c619ee189c019aecd930c319420ba92c55116dc415f69a
CRC32 480F61FE
ssdeep None
Yara None matched
Name 835287dd0b4b8323_malaysia bukkake masturbation .mpeg.exe
Filepath C:\Users\tu\AppData\Local\Temp\malaysia bukkake masturbation .mpeg.exe
Size 2.0MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 fa980154c230b20bf1502ed6af4e2c6d
SHA1 4e335b01d7cf93b2e25976e1311c45a4bd18cb27
SHA256 835287dd0b4b832380d581c4978e7896db7b4bc45520be7439a14fbc76904000
CRC32 63F0C4CB
ssdeep None
Yara None matched
Name 5390b87a1e13a982_canadian gang bang voyeur .zip.exe
Filepath C:\ProgramData\Microsoft\Network\Downloader\canadian gang bang voyeur .zip.exe
Size 2.0MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 4099fd6f1bfce1d4cba139795b7545ac
SHA1 b5d775b013bc6396245273cf1dab08a599883148
SHA256 5390b87a1e13a98279aab2ded263b864a644fe9f76a857a5d046402c957ac5d5
CRC32 B109D6EF
ssdeep None
Yara None matched
Name c91253d778555dd0_french gang bang beast masturbation 40+ .rar.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\french gang bang beast masturbation 40+ .rar.exe
Size 1.6MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b7bd00f6e449ff2e94df159bed532e4c
SHA1 3d24ce527c4843ea1be711d5598d4e3d0128f8e9
SHA256 c91253d778555dd0f3c922a7e7cf1457c6b5637b8bdd63caa3ee56ccb3bb6149
CRC32 D91D5405
ssdeep None
Yara None matched
Name ad739ba98b6161c9_beast action uncut cock (karin).mpeg.exe
Filepath C:\ProgramData\Microsoft\Search\Data\Temp\beast action uncut cock (Karin).mpeg.exe
Size 1.5MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b3e27330d36daa6b798d2fb101e45d73
SHA1 cab49546e4c0a9809b9aa103181b2de3af2bebd0
SHA256 ad739ba98b6161c9d042cb0f9b0024dd0f52b2f2b815c5f0831708b89cb0cd60
CRC32 6FE6B192
ssdeep None
Yara None matched
Name 22799d30e91136fd_nude licking .zip.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude licking .zip.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 36f283606c83fd87650bb60b81fb43f7
SHA1 4284ae74d94f8259a61a560da54e858b36cce808
SHA256 22799d30e91136fdfdc73bfbcef50bbe034a1e7aa57f1e3c858921b1bcbf6e29
CRC32 83B1AFF6
ssdeep None
Yara None matched
Name f63d6964a0d2990f_german porn catfight .rar.exe
Filepath C:\ProgramData\Microsoft\RAC\Temp\german porn catfight .rar.exe
Size 2.0MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 762455e799bb2992682590d86bb80ba1
SHA1 9ac136e2927773b15e8d4d14d9a9a34bd095f15b
SHA256 f63d6964a0d2990ffbd64c913a4c2f5a629452176964e545c96ec6bb3dc79a6c
CRC32 347D6919
ssdeep None
Yara None matched
Name aec5c5e12869ce7c_black fucking sleeping shower .mpeg.exe
Filepath C:\Users\Default\Downloads\black fucking sleeping shower .mpeg.exe
Size 121.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 4bbfac9e4d3babfc66fe57fbc74ff097
SHA1 6411bd18b7339dc784a9b71d45e7dc6b2f16dc09
SHA256 aec5c5e12869ce7cf37d39f2e6fbd57b1ab009a2ffbb6439bc34bef028146fc0
CRC32 9A2A25F5
ssdeep None
Yara None matched
Name 1f2da5c8def14b09_black porn uncut hole .rar.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\black porn uncut hole .rar.exe
Size 1.4MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ecbc6e97d3d8523c5d4bcc1f0bd5857f
SHA1 83981d628ad386eb08d62326db644df7eaf3b63c
SHA256 1f2da5c8def14b09e56883a7e65d0465f71c4d4c70e1cb3d6f05c1a090ed504b
CRC32 EC39BAB6
ssdeep None
Yara None matched
Name 407e1494b17a569b_german hardcore several models upskirt .zip.exe
Filepath C:\Program Files\Windows Sidebar\Shared Gadgets\german hardcore several models upskirt .zip.exe
Size 169.1KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 12f8a606be08b97ae1f4180a3ba9ab32
SHA1 e829d0064e9b5ba4f16976eca21fdef6aa4dec61
SHA256 407e1494b17a569b2d4ebaeed0b3dcc04aed0894d89103a22d6740724217cedf
CRC32 8D546A82
ssdeep None
Yara None matched
Name afd2dd083dd8bac3_handjob masturbation lady (sonja).mpg.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\Downloads\handjob masturbation lady (Sonja).mpg.exe
Size 1.3MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 376abebb71c5429a4f29965ade29e7ef
SHA1 f535c67485a95581b04dcfdc6b157f748dd948c8
SHA256 afd2dd083dd8bac34ccc30f26181613f8517cb0e8e06b8d91a32988c80acf6aa
CRC32 D9D7AD59
ssdeep None
Yara None matched
Name ef6b1aa2ecf5c7b3_malaysia animal kicking [bangbus] swallow .mpeg.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\malaysia animal kicking [bangbus] swallow .mpeg.exe
Size 995.4KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 bd73125ad1fefca2a4dff76cfbc6e966
SHA1 f157b495287440f98d32e5509b4761d4b28f51fc
SHA256 ef6b1aa2ecf5c7b36f1d603c6136b28990aae0f9aba19795184c0846650728bb
CRC32 83F49D11
ssdeep None
Yara None matched
Name 62a88ae9887b5521_cum lingerie full movie glans bondage .rar.exe
Filepath C:\ProgramData\Microsoft\Search\Data\Temp\cum lingerie full movie glans bondage .rar.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 7f61537bf076832c71292938777d413c
SHA1 7f714bff109d54a5f55f4f70a49b07505652e70a
SHA256 62a88ae9887b55219461f4f87ee3a24ce14bdef5f06269697aeb286a8b36caca
CRC32 D601E696
ssdeep None
Yara None matched
Name f0374e4b0f7051ec_animal lingerie full movie blondie .mpg.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\animal lingerie full movie blondie .mpg.exe
Size 984.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 0d2901f184b97b56a2a33501a1596ee2
SHA1 5198ee96447b3ba964c9557b65773f9accf502e6
SHA256 f0374e4b0f7051ec75705b94bd97b107be877ba8440afaf9b1484cd121fa7e8f
CRC32 FA86E596
ssdeep None
Yara None matched
Name 7720fa682d20333d_gay hot (!) young .avi.exe
Filepath C:\Windows\assembly\tmp\gay hot (!) young .avi.exe
Size 1.9MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 226ebe3450a7546bef3cf4db3ab76aab
SHA1 a0a66f7c9de2abaab4332f098ab4f1fcd1598946
SHA256 7720fa682d20333dc06c69a0b78b5af615131359ea7386db694b51ac0aaefc56
CRC32 7C867149
ssdeep None
Yara None matched
Name 7c6f3f41ab111365_blowjob gang bang voyeur boobs redhair .mpeg.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\blowjob gang bang voyeur boobs redhair .mpeg.exe
Size 1.5MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 7c9589e26e8701391f74c495194ad003
SHA1 2dbb54fa5ff190d4c6e8de8472f97abc4fa9e70a
SHA256 7c6f3f41ab111365cbbbe949bcf03c9c7a3a484379a4781c6b0107d6ec5363cd
CRC32 528B36A7
ssdeep None
Yara None matched
Name e1b0e0b246845e91_cumshot hot (!) leather .mpeg.exe
Filepath C:\Windows\PLA\Templates\cumshot hot (!) leather .mpeg.exe
Size 1.7MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 8d9f0a6d85d747c528d88ee72447a5b8
SHA1 1c92840449e938dddea766b8a7f1b208a684126e
SHA256 e1b0e0b246845e91489899325c210e383d4c73db9872fda7db386ecb104a36f6
CRC32 D76B451E
ssdeep None
Yara None matched
Name 18590975d7bfda5b_danish cumshot girls boobs mistress .rar.exe
Filepath C:\Program Files (x86)\Common Files\microsoft shared\danish cumshot girls boobs mistress .rar.exe
Size 622.5KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 effb618c65542a59bb1bb5cf0f78958c
SHA1 09d5d6678d5ad91e5d58fbf03f2b8c59fb848d2d
SHA256 18590975d7bfda5b302a03111198ff2c1687c255d582455b2861e01a06a91f6c
CRC32 05DA21E5
ssdeep None
Yara None matched
Name ca9bb185be962712_fetish fucking catfight .mpeg.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\fetish fucking catfight .mpeg.exe
Size 2.0MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ed7d46348da13616ce5a96848154f43c
SHA1 ad413d6b9b4f1b9336e9a8ac9d3420e21d3b2f3a
SHA256 ca9bb185be9627123763e32deaf75dc36909fa28a0e0cecd2951cb76163a835d
CRC32 7F91A617
ssdeep None
Yara None matched
Name 9ab64a7ffa9a02cd_danish action [bangbus] boobs hotel (karin,britney).mpeg.exe
Filepath C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\danish action [bangbus] boobs hotel (Karin,Britney).mpeg.exe
Size 281.5KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b2d428c894ae536d22de082e6d2e4a3d
SHA1 427aaabf70d0c00ceb5583e850c275f3b347c0c7
SHA256 9ab64a7ffa9a02cd652be691fb83800479c915b9f1465c664d144648e27e220c
CRC32 01E7AC43
ssdeep None
Yara None matched
Name 1f1d03b5aa38bd64_indian fucking beast full movie (sandy).rar.exe
Filepath C:\Users\Administrator\AppData\Local\Temp\indian fucking beast full movie (Sandy).rar.exe
Size 1.9MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 01ebd00309240f7d8ebea79fc5e73949
SHA1 cece177c5ce30f593bb0f9c030d43da47d8bbe65
SHA256 1f1d03b5aa38bd64f662519510ec2aac62f546d6ed9a6b4892e7ed2a848ceca6
CRC32 8BBAC43C
ssdeep None
Yara None matched
Name c4f575d91fcc8c60_norwegian fucking cumshot hidden hole blondie (sylvia,sandy).avi.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\norwegian fucking cumshot hidden hole blondie (Sylvia,Sandy).avi.exe
Size 911.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 69377c662a06ec8292576645db1972d5
SHA1 3b2443cf2f7d92ed901e31e0206816b7bb812d9b
SHA256 c4f575d91fcc8c60b76e500d05d821fe72a3ef3339e9cf1baea4c45a07fa2279
CRC32 BB3699B0
ssdeep None
Yara None matched
Name 3678e413cab2864f_malaysia sperm trambling masturbation feet swallow .avi.exe
Filepath C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia sperm trambling masturbation feet swallow .avi.exe
Size 1.7MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 71ddb61071aefdab092ddd0c7eb73253
SHA1 ea02ec45cb5098dbcb085ff87a2b833081dc22ca
SHA256 3678e413cab2864f0669929c591125d3f9390b0b50158b40888291c08763c780
CRC32 F1C31981
ssdeep None
Yara None matched
Name dc68f3b6e452e286_kicking cumshot licking hairy (jenna).mpg.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking cumshot licking hairy (Jenna).mpg.exe
Size 1.4MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 02ab8510831b06f4ef64038b868b661b
SHA1 2bb952e78948e302ad3d56c9eff3d4986177a3e4
SHA256 dc68f3b6e452e286559cf448595057459064641d06a4733580dbc0432b28c377
CRC32 AE231899
ssdeep None
Yara None matched
Name cfac11709744f678_asian trambling nude sleeping ejaculation .mpeg.exe
Filepath C:\ProgramData\Microsoft\RAC\Temp\asian trambling nude sleeping ejaculation .mpeg.exe
Size 1.1MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c4a14ed42d462ad64034b4130923a94a
SHA1 df33a32e395b99ebf96392c6bdadabaec3e61f4f
SHA256 cfac11709744f6789fbcc796c871d2789a519886f561118c7e3f66dbdbb42653
CRC32 8D57E550
ssdeep None
Yara None matched
Name 3fb2a0c325657c4c_xxx cumshot catfight feet shower .rar.exe
Filepath C:\Windows\assembly\temp\xxx cumshot catfight feet shower .rar.exe
Size 1.0MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 4d616f88e8b0dbb287308557d7848b38
SHA1 a347da824e091278a1df2d82020f306d9f522e80
SHA256 3fb2a0c325657c4c6ec3b7be305bf81108e850c6414b3005a349920a009348ab
CRC32 64607A88
ssdeep None
Yara None matched
Name d433f854512873dc_indian cumshot horse big traffic (karin).rar.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian cumshot horse big traffic (Karin).rar.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 44ca3aacf76a4d0909ee2f53eb06a0be
SHA1 2d4fda85c7678ec41d7ea318e6dcb28ba49bda0e
SHA256 d433f854512873dc3a1d52ce94c8c260cc8e09d246778989b70d38b14301ddf2
CRC32 D018C675
ssdeep None
Yara None matched
Name c750dda6ab8813c9_malaysia lesbian action sleeping (liz,gina).zip.exe
Filepath C:\Program Files\Common Files\Microsoft Shared\malaysia lesbian action sleeping (Liz,Gina).zip.exe
Size 146.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 64d195fe00ecff6fdc8f8e82713058b7
SHA1 052abbe5d0efbba9daf735fa2fa71c7e0372c546
SHA256 c750dda6ab8813c97bf75a553bc39a596c747af21e32214999e08d7c42d80daf
CRC32 AE25356A
ssdeep None
Yara None matched
Name 079f5356ed919e43_beastiality kicking hidden .mpg.exe
Filepath C:\Program Files\DVD Maker\Shared\beastiality kicking hidden .mpg.exe
Size 1.7MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 51e13027c33761560650af7344a75b3a
SHA1 20180e386f09d8d5566ac97519a00f4a7b9091df
SHA256 079f5356ed919e430e279bcac4df3358eb8d88a2948562c598399fe8b2a8d25b
CRC32 3BC02B6A
ssdeep None
Yara None matched
Name aa4fe61ec4760e69_nude nude masturbation glans wifey .mpeg.exe
Filepath C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\nude nude masturbation glans wifey .mpeg.exe
Size 715.8KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 ad6f818db115cf5063d3c35776dd7b0d
SHA1 a276c56a635376d36684ccf1e7ce6e855027ac30
SHA256 aa4fe61ec4760e69efb057875c7ded643fdd301ada6c1aa9556c7f438acbcbcb
CRC32 07AE3EE1
ssdeep None
Yara None matched
Name a284b51f553f5ec4_porn fucking catfight (sarah).avi.exe
Filepath C:\Users\Public\Downloads\porn fucking catfight (Sarah).avi.exe
Size 1.1MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 33fea3cc51948d334cf7b7ea36eb27f9
SHA1 897f1024170e56e01478b557533c0a1e28374301
SHA256 a284b51f553f5ec40b9d4f6276d446abf89ea7106d4cfe5e466fb7c0d37369a2
CRC32 077E2EB8
ssdeep None
Yara None matched
Name c0d3b0203d9fc193_spanish hardcore licking lady .mpg.exe
Filepath C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\spanish hardcore licking lady .mpg.exe
Size 360.9KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 20074fb8b433a2a9af349796d5a076eb
SHA1 6c18498b4e964ad22ff110ca8fec84ea2c2be4f4
SHA256 c0d3b0203d9fc1931a2542442dd3b11ee71416575202f68ded7e66610575d6b8
CRC32 64496105
ssdeep None
Yara None matched
Name cbabde7c35390abe_brasilian gang bang [free] .zip.exe
Filepath C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian gang bang [free] .zip.exe
Size 444.2KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 04813e84662307fc82eaf8dae0697295
SHA1 f0eccb2873c3ebe9ca6aa67f6da4ef245ae810d5
SHA256 cbabde7c35390abefea40289bb740738a6ef513d68c369ed4e4f5f74878f90c7
CRC32 AE0A11F4
ssdeep None
Yara None matched
Name bf2d88419ef4bc58_action [milf] high heels .mpeg.exe
Filepath C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\action [milf] high heels .mpeg.exe
Size 737.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 0a76b906ca53e3807b531680bfbdeb02
SHA1 9c9909eeb5ee4c22672efe16a0701800eef61ffb
SHA256 bf2d88419ef4bc58b5654a664126a8a9e0bc5fc458e864216059f81c2c073080
CRC32 21A7E789
ssdeep None
Yara None matched
Name b44d2f28e64ca624_brasilian gay voyeur high heels .mpg.exe
Filepath C:\Users\Administrator\Downloads\brasilian gay voyeur high heels .mpg.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 dc0706c358e14dc5ac8576c57f1e1a23
SHA1 94e3cfa05615ee78e583a1dd0a6c8216a72210f8
SHA256 b44d2f28e64ca62415603667c698aa34d026332186bc8afa49473a567ac9ed7a
CRC32 66D78296
ssdeep None
Yara None matched
Name 3549a5795a1d80a2_black fucking blowjob girls cock .avi.exe
Filepath C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\black fucking blowjob girls cock .avi.exe
Size 1.3MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 861b9237adf7a75c55ab74c45e2c05a8
SHA1 6f857c4d9d4e9f2f5c4257a175afeaf1e2000bf6
SHA256 3549a5795a1d80a20beb6ad4233c0177e920a7e9bf27a02072f7b2c8b1da318b
CRC32 72E9711D
ssdeep None
Yara None matched
Name bb9f5876d4408600_beastiality lesbian granny (melissa,anniston).mpg.exe
Filepath C:\Windows\SysWOW64\IME\shared\beastiality lesbian granny (Melissa,Anniston).mpg.exe
Size 666.6KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 23834cb6d539ead71e8960e98d8e5e3e
SHA1 852fdd32ab15def527860a27f72a9c58daa99389
SHA256 bb9f5876d4408600e954704b0d129954ff3e0d798bf23ac9645e181710b37db4
CRC32 5A30F80A
ssdeep None
Yara None matched
Name 9a63cf751db5066d_chinese bukkake voyeur cock .rar.exe
Filepath C:\Windows\SoftwareDistribution\Download\chinese bukkake voyeur cock .rar.exe
Size 457.3KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 450ffe8eb907e5ff561333ad14ea876e
SHA1 9752c78160ffec5356ff733ac146e070a8a3327b
SHA256 9a63cf751db5066d34880326b4ddbd1737021706114204de52df45f22155879b
CRC32 DBE43443
ssdeep None
Yara None matched
Name 66b7e978c3b0ad2b_mssrv.exe
Filepath C:\Windows\mssrv.exe
Size 2.0MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 e717ded6213117f5486188eefdfddc45
SHA1 bc90d79b96b301d589214ee056b4dab5ce4289f3
SHA256 66b7e978c3b0ad2b2cbe6885f46567519fdd661829116cfd48cf0689bd856700
CRC32 C745D78E
ssdeep None
Yara None matched
Name 1b66e4d42b8a4766_porn blowjob several models .mpg.exe
Filepath C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn blowjob several models .mpg.exe
Size 1.6MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 750fde57e8393d49337bbdcbdd37143f
SHA1 5e9b692434c26a1b75b2d68a7079a27d50837e19
SHA256 1b66e4d42b8a4766593edbb6efb5026d17a542664299a1c0f9d12fdcb68b4212
CRC32 EE2EFB0A
ssdeep None
Yara None matched
Name 0b33e5e9de9baca7_sperm hot (!) hole ash (jade,melissa).mpeg.exe
Filepath C:\360Downloads\sperm hot (!) hole ash (Jade,Melissa).mpeg.exe
Size 688.5KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b81f6648cd6c18f8488575335f7e56fa
SHA1 4a43e584e1f40edd878e2d171cd8506d29ee6291
SHA256 0b33e5e9de9baca7d4f305f1f017125a6d81b65b594f001f98823630c4bf8ced
CRC32 84F43F66
ssdeep None
Yara None matched
Name 34af92fffd862405_russian lingerie licking traffic .rar.exe
Filepath C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\russian lingerie licking traffic .rar.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 49a758f5f790cfb6f5d8e3e80737ff0d
SHA1 91540a8a3ea57d97d1eb2de4ecfb896744e0882b
SHA256 34af92fffd8624050621467c1d298d4c82843e6982c6b24436aef36331d2d037
CRC32 420F7FB4
ssdeep None
Yara None matched
Name d84229669683e1dc_brasilian sperm porn sleeping glans 40+ .zip.exe
Filepath C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\brasilian sperm porn sleeping glans 40+ .zip.exe
Size 622.9KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a5f7d436493983226c2c6dec1c3405c3
SHA1 7f93892f9af0f741cd48f0dc072d01abff5d7946
SHA256 d84229669683e1dce06811d3a301a1abf9a8ab446f542837aac0f730cb608150
CRC32 46AA1F99
ssdeep None
Yara None matched
Name e922cc22add58d20_blowjob masturbation vagina .zip.exe
Filepath C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\blowjob masturbation vagina .zip.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 68ca14ef8e587c819d61af4d6803e32b
SHA1 d1a6dc40c565e794cc808b2d546e0481a66d693d
SHA256 e922cc22add58d208c64af4c8f179b6e491264c97aee268d576d035559a119d2
CRC32 266DEAB2
ssdeep None
Yara None matched
Name c8cb7d4e48af6ba3_british porn catfight sm .zip.exe
Filepath C:\Windows\SysWOW64\FxsTmp\british porn catfight sm .zip.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 966f42f8d3b3c07eb50cab6e4b7f9164
SHA1 ac715de254f0059f5458a25bc7ff8a6c43a7169d
SHA256 c8cb7d4e48af6ba353b26a0e632154eafc42857b7fb056bc5fab6d5b321bfd7b
CRC32 1FE3DD40
ssdeep None
Yara None matched
Name 8468179b57ae7ad1_japanese bukkake hidden hairy .avi.exe
Filepath C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\japanese bukkake hidden hairy .avi.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 96ed2b0b8c75504927eb4cfb139cf7c5
SHA1 6f68a196bc89cf7578ccc9288fca2b270a40202a
SHA256 8468179b57ae7ad153c08c8ac658d853bf244ff9abb3190d8561624b13e34835
CRC32 83ACF71B
ssdeep None
Yara None matched
Name a0339c73bbdbb732_african xxx public ash mistress .mpeg.exe
Filepath C:\Windows\Downloaded Program Files\african xxx public ash mistress .mpeg.exe
Size 1.4MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 df778421690bd56da64c61c1a05634b5
SHA1 7ed59bf857db88ddf4dfaabefbd23b133f549ce2
SHA256 a0339c73bbdbb732a35245dfb9c496f96e0e503d8a01faa0cdbd9219c74007fc
CRC32 D8148B63
ssdeep None
Yara None matched
Name 93ac73c4df341e9f_russian lesbian gay uncut young .avi.exe
Filepath C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian lesbian gay uncut young .avi.exe
Size 1.6MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6eac73e436fd18cc4a594fd9cda8484b
SHA1 f45575364c61b88a396994910b51890b756475f5
SHA256 93ac73c4df341e9f872161e18cd94650e58d50b94fd701529664939e93ee5a44
CRC32 380AD213
ssdeep None
Yara None matched
Name e27917a27266aade_tyrkish xxx public .avi.exe
Filepath C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\tyrkish xxx public .avi.exe
Size 553.6KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 1a90fd7664aa9d92b832813d1169a336
SHA1 787212b9c1a333d8df5a90c3315ad4ff1cf6a649
SHA256 e27917a27266aadedf354b800768c0ffd505abfbc90253ac79c9b9b003fd2deb
CRC32 9F52581F
ssdeep None
Yara None matched
Name c25320d1eaf86087_sperm licking black hairunshaved (tatjana,sylvia).mpg.exe
Filepath C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\sperm licking black hairunshaved (Tatjana,Sylvia).mpg.exe
Size 850.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 12ab5aa397f0a0ed8465a1b2d7a6167b
SHA1 88ec448ed419ab89046435c055569b9de6e282a3
SHA256 c25320d1eaf860870f29732ed43e768c77973230bdcb1056b65fe30c26f1d2f6
CRC32 CC9C5D9D
ssdeep None
Yara None matched
Name 3f17055e556b9afe_tyrkish gay sperm licking hairy (curtney,sonja).mpeg.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish gay sperm licking hairy (Curtney,Sonja).mpeg.exe
Size 1.6MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 e899dcd342c0499e20f374c1db9a0902
SHA1 27e8b4415bb2ce7aa1b3664f7f7ced8283232f16
SHA256 3f17055e556b9afe204c2d65b91ba5cbcf860a734ad1e1312a773c063179d5aa
CRC32 978C66DE
ssdeep None
Yara None matched
Name a943fb893d17c236_italian gay action hidden upskirt (janette,sylvia).mpg.exe
Filepath C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian gay action hidden upskirt (Janette,Sylvia).mpg.exe
Size 1.9MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 09ce09790429dd0c521a8d16d645272e
SHA1 f7822aa2d8f6f231a67b844f86a45ed579d687ab
SHA256 a943fb893d17c236bdad819dce2fb2f16409c50daff1c6a346748ca916eba77a
CRC32 14A4A3EC
ssdeep None
Yara None matched
Name c02359b1abea607c_xxx big sweet .mpeg.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xxx big sweet .mpeg.exe
Size 570.7KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 bca6a7996842aa00b1fd5ce8caab9ac2
SHA1 dab53531fb3416fa8265191f2588d7375b49f98a
SHA256 c02359b1abea607c8c7379a19f1b3f81ec2b6a7e37efec858f867b7bfe53a9c1
CRC32 6105E06D
ssdeep None
Yara None matched
Name 4b65e4921ea118f9_british gang bang [bangbus] .mpg.exe
Filepath C:\Users\tu\Downloads\british gang bang [bangbus] .mpg.exe
Size 987.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6f7409fef558ff8495af8c7e8cb71f2f
SHA1 810b2022cc533ec36af316bda26c9d055214d1c1
SHA256 4b65e4921ea118f998071cda83dcf6fb9dae2c06f3f1209d0434d6c06530bbf3
CRC32 7ED9C1D9
ssdeep None
Yara None matched
Name 1cfa956016e184e2_chinese bukkake public legs bondage .zip.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\chinese bukkake public legs bondage .zip.exe
Size 1.1MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 780552a448f312f7ea4ae88b712c4930
SHA1 d5543ac4fbdd1d30be1d4d78fb910160a2b61465
SHA256 1cfa956016e184e271c00ff9f28da8e5913624fd5b22991c6fdc3b1840fe283e
CRC32 55C2AF09
ssdeep None
Yara None matched
Name dba0920b34d745f4_gay cum voyeur gorgeoushorny .mpg.exe
Filepath C:\Windows\winsxs\InstallTemp\gay cum voyeur gorgeoushorny .mpg.exe
Size 959.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b41c19eae56dff39f84b1a68d14f248a
SHA1 7cce19ec16cb48e93266268e039fb179bf213e65
SHA256 dba0920b34d745f4756c480df1831ecacc94df8bb6547aa2bdcf916ca15e3324
CRC32 6622494C
ssdeep None
Yara None matched
Name e9db95ff8d7a334c_russian kicking bukkake public sm .mpeg.exe
Filepath C:\Windows\System32\LogFiles\Fax\Incoming\russian kicking bukkake public sm .mpeg.exe
Size 707.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 57673e69b1ca3b300cd62bfd88af8a75
SHA1 46e2bfe068227e5d21a7ac844ccb55b74114e8fb
SHA256 e9db95ff8d7a334c6882487e6ec07091d106e65d18e921532d4c16e13967bbf9
CRC32 A2183A0E
ssdeep None
Yara None matched
Name 37f798941975fc80_beast big stockings (ashley).avi.exe
Filepath C:\Windows\Temp\beast big stockings (Ashley).avi.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 a03f0084e6d6f1e60d5dc99ec43e45a9
SHA1 33adc5a31bae690415354cf04de4206e8d34366f
SHA256 37f798941975fc802707070336f858a6ac947b2d088cd9af5f27bb2d75defb18
CRC32 AE9C8876
ssdeep None
Yara None matched
Name 0d5a7f9b5d7d9726_french sperm action girls hairy .mpg.exe
Filepath C:\Program Files\Windows Journal\Templates\french sperm action girls hairy .mpg.exe
Size 1.7MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b04968d46cebafa11438863072eafb14
SHA1 ab4f6d36d0603815e16677b4caf20e006605b376
SHA256 0d5a7f9b5d7d9726efbfb38a0fcf33f3bda4315d7b346aca6c166f6ab7362740
CRC32 75EEDE46
ssdeep None
Yara None matched
Name 899d7f66d716a0d9_lesbian uncut latex .mpg.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lesbian uncut latex .mpg.exe
Size 262.0KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6b9ef8c49a2862000db796612e1068c6
SHA1 721fb787539e961faa511faa0f612fabde69b20c
SHA256 899d7f66d716a0d9d1665eb4e03676240b351b07e6ea8d80cb8d05cbd51c6098
CRC32 D5B77422
ssdeep None
Yara None matched
Name 732c6b23c2b1ddc4_british horse masturbation balls (sarah,sarah).zip.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\british horse masturbation balls (Sarah,Sarah).zip.exe
Size 1.3MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 9ff1be9894d78b72c0b3b5e790c389b9
SHA1 6da3f43fa8aee8ede8fbf28eeb1535c1a9e86a83
SHA256 732c6b23c2b1ddc4ce41f3831ce70b93cdd2817e86b6885932c6896ade1075e2
CRC32 EE36E40D
ssdeep None
Yara None matched
Name 34e28e046696814f_brasilian animal lesbian masturbation feet hairy .zip.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\brasilian animal lesbian masturbation feet hairy .zip.exe
Size 1022.1KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6d76f39d18d510d972c9788e3c59ef62
SHA1 90834de2ecc0001ea8d97f025dfd1fde1de4bd99
SHA256 34e28e046696814faa510b66c983b2ab6141f2c908da417fc9c80ec19115596a
CRC32 57D5334F
ssdeep None
Yara None matched
Name b5a0817878221a1c_american xxx catfight bedroom .mpeg.exe
Filepath C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\american xxx catfight bedroom .mpeg.exe
Size 677.6KB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6c57a03502574339ab80c6f8729a27e2
SHA1 e015a5a6eb75d8746bd27d8d43d23388e6d9540f
SHA256 b5a0817878221a1c710e566f9c8c5432def4742b9d0f4d12aef5decf62c896e7
CRC32 1508F244
ssdeep None
Yara None matched
Name f3127a3e6244ce18_british gay public balls (jade,britney).mpeg.exe
Filepath C:\Windows\security\templates\british gay public balls (Jade,Britney).mpeg.exe
Size 1.2MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 0e8e30d0433358dabb7c86553c42406b
SHA1 9a923f956406fb50aee9c5d9574d855b69d375dd
SHA256 f3127a3e6244ce18ac83336d3b8b78f59639648503db9a2ad5651d0f0ce460e0
CRC32 21437B97
ssdeep None
Yara None matched
Name 25bdc7d32f9be7a3_african horse catfight femdom .rar.exe
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\african horse catfight femdom .rar.exe
Size 1.5MB
Processes 2400 (0ab3e3ea1f2dba0e448fbcd2adb91384a830112f46b4dc3a81ca8976f62f98ea.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b2ee7c4f4d45918d396bd421f300e897
SHA1 400d9ed3af5c60a636064851e9a95d5d130d1fee
SHA256 25bdc7d32f9be7a3d05379350040a69767b6f5a2bd2961280c500638dd1a024c
CRC32 0771887E
ssdeep None
Yara None matched
Sorry! No dropped buffers.