SmartHawk

3.8

中危

51 个模型检测该样本为恶意！

重新分析

下载样本

007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f

007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe

分析耗时

76s

最近分析

402天前

文件大小

131.5KB

静态报毒动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WINSXSBOT 更多 WIN32 TROJAN WORM

DACN 0.14

FACILE 1.00

IMCLNet 0.70

MFGraph 0.00

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.05s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.03s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.70	Unknown	0.21s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:Malware-gen	20200512	18.4.3895.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (D)	20190702	1.0
Kingsoft	None	20200512	2013.8.14.323
McAfee	W32/Generic.worm.f	20200512	6.0.6.653
Tencent	None	20200512	1.0.0.1

查询计算机名称 (6 个事件)

Time & API	Arguments	Status	Return
1727545301.53175 GetComputerNameA	computer_name: TU-PC	success	1
1727545301.53175 GetComputerNameA	computer_name: TU-PC	success	1
1727545301.56275 GetComputerNameA	computer_name: TU-PC	success	1
1727545301.56275 GetComputerNameW	computer_name: TU-PC	success	1
1727545303.82875 GetComputerNameA	computer_name: TU-PC	success	1
1727545303.84375 GetComputerNameA	computer_name: TU-PC	success	1

可执行文件包含未知的 PE 段名称，可能指示打包器（可能是误报） (3 个事件)

section	.jxmnr
section	.lpkez
section	.g

一个进程试图延迟分析任务。 (1 个事件)

description

007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe 试图睡眠 593.42 秒，实际延迟分析时间 593.42 秒

在文件系统上创建可执行文件 (50 out of 77 个事件)

file	C:\Windows\security\templates\spanish kicking girls circumcision .mpeg.exe
file	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\spanish fucking handjob public legs .avi.exe
file	C:\ProgramData\Microsoft\RAC\Temp\handjob masturbation vagina redhair .avi.exe
file	C:\Program Files\Windows Journal\Templates\italian gang bang catfight cock ejaculation .avi.exe
file	C:\Program Files\DVD Maker\Shared\action [free] (Sonja,Curtney).mpg.exe
file	C:\Program Files\Common Files\Microsoft Shared\spanish bukkake lesbian uncut .zip.exe
file	C:\Windows\Downloaded Program Files\indian fucking catfight ash pregnant .avi.exe
file	C:\Windows\assembly\tmp\german gay full movie .avi.exe
file	C:\Users\Administrator\Templates\african horse lesbian blondie .mpeg.exe
file	C:\Windows\System32\config\systemprofile\beast fetish lesbian .zip.exe
file	C:\360Downloads\kicking lingerie full movie black hairunshaved (Sandy,Melissa).mpg.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\indian hardcore cum [milf] sweet .mpeg.exe
file	C:\Users\All Users\Microsoft\RAC\Temp\asian blowjob voyeur .zip.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\norwegian handjob public (Anniston).rar.exe
file	C:\Users\Administrator\Downloads\german blowjob [free] .mpeg.exe
file	C:\Windows\SysWOW64\FxsTmp\beastiality nude hidden .mpg.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling animal hidden .mpeg.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\asian horse lesbian hot (!) blondie (Gina,Sylvia).zip.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\kicking big (Sandy,Samantha).mpeg.exe
file	C:\Windows\ServiceProfiles\LocalService\Downloads\american sperm hardcore [milf] granny (Sandy).mpg.exe
file	C:\Users\All Users\Microsoft\Network\Downloader\horse girls hole .mpg.exe
file	C:\Users\All Users\Microsoft\Windows\Templates\norwegian kicking licking .mpeg.exe
file	C:\Windows\mssrv.exe
file	C:\Windows\SysWOW64\IME\shared\italian animal catfight circumcision .mpeg.exe
file	C:\Windows\assembly\temp\norwegian fetish licking .avi.exe
file	C:\ProgramData\Microsoft\Network\Downloader\beast [bangbus] feet shoes (Tatjana,Christine).mpeg.exe
file	C:\Windows\System32\FxsTmp\swedish blowjob kicking full movie hairy (Christine).mpeg.exe
file	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\asian fucking girls .rar.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\black beastiality horse lesbian .zip.exe
file	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\cumshot hidden feet girly .mpg.exe
file	C:\Windows\System32\LogFiles\Fax\Incoming\russian animal [milf] .avi.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\american hardcore big high heels .mpeg.exe
file	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american trambling uncut fishy .avi.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\african fucking horse masturbation ash penetration (Sonja,Liz).rar.exe
file	C:\Users\tu\AppData\Local\Temporary Internet Files\indian trambling bukkake licking ash ash .mpeg.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese lingerie big feet sm .zip.exe
file	C:\Users\tu\AppData\Local\Temp\beast sleeping titts hairy .mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\spanish nude lingerie full movie beautyfull .zip.exe
file	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\spanish horse hidden .avi.exe
file	C:\ProgramData\Microsoft\Windows\Templates\russian porn [bangbus] traffic (Sarah).mpg.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\french animal fetish licking .zip.exe
file	C:\Users\Public\Downloads\brasilian lingerie hardcore [free] mature .mpg.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx sleeping young .avi.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian beastiality licking (Karin,Tatjana).avi.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\bukkake hot (!) hotel .mpg.exe
file	C:\Windows\ServiceProfiles\NetworkService\Downloads\handjob handjob [milf] high heels .zip.exe
file	C:\Users\Administrator\AppData\Local\Temp\handjob full movie pregnant .avi.exe
file	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\russian nude beastiality girls .zip.exe
file	C:\Windows\System32\IME\shared\beast trambling hot (!) (Janette).rar.exe
file	C:\ProgramData\Microsoft\Search\Data\Temp\african blowjob fucking girls .avi.exe

将可执行文件投放到用户的 AppData 文件夹 (20 个事件)

file	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\russian nude beastiality girls .zip.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\chinese cum girls titts (Curtney).mpg.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\lesbian [bangbus] mature .mpg.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling trambling hot (!) (Liz).mpeg.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish fucking gang bang lesbian legs stockings .zip.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\indian hardcore cum [milf] sweet .mpeg.exe
file	C:\Users\Default\AppData\Local\Temp\xxx hardcore masturbation (Jade).rar.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian trambling bukkake licking ash ash .mpeg.exe
file	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\spanish fucking handjob public legs .avi.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\american hardcore big high heels .mpeg.exe
file	C:\Users\Administrator\AppData\Local\Temp\handjob full movie pregnant .avi.exe
file	C:\Users\tu\AppData\Local\Temp\beast sleeping titts hairy .mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\spanish nude lingerie full movie beautyfull .zip.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\xxx lingerie licking vagina sweet .mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\african horse lesbian blondie .mpeg.exe
file	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\asian fucking girls .rar.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\african gay beast big gorgeoushorny .zip.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling animal hidden .mpeg.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\french animal fetish licking .zip.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish kicking hot (!) .rar.exe

搜索运行中的进程，可能用于识别沙箱规避、代码注入或内存转储的进程 (3 个事件)

Time & API	Arguments	Status	Return
1727545275.57875 Process32NextW	snapshot_handle: 0x00000144 process_name: taskhost.exe process_identifier: 1084	success	1
1727545275.57875 Process32NextW	snapshot_handle: 0x00000144 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 2236	success	1
1727545280.32875 Process32NextW	snapshot_handle: 0x0000013c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	success	1

该二进制文件可能包含加密或压缩数据，表明使用了打包工具 (2 个事件)

section

{'name': 'UPX1', 'virtual_address': '0x00012000', 'virtual_size': '0x00009000', 'size_of_data': '0x00009200', 'entropy': 7.7228958156896965}

entropy

7.7228958156896965

description

发现高熵的节

entropy

0.33031674208144796

description

此PE文件的整体熵值较高

重复搜索未找到的进程，您可能希望在分析期间运行一个网络浏览器 (50 out of 84 个事件)

Time & API	Arguments	Status
1727545275.57875 Process32NextW	snapshot_handle: 0x00000144 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 2236	failed
1727545278.09375 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 2160	failed
1727545280.32875 Process32NextW	snapshot_handle: 0x0000013c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545282.32875 Process32NextW	snapshot_handle: 0x00000138 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545284.34375 Process32NextW	snapshot_handle: 0x00000264 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545286.34375 Process32NextW	snapshot_handle: 0x00000264 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545288.34375 Process32NextW	snapshot_handle: 0x00000264 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545290.35975 Process32NextW	snapshot_handle: 0x00000264 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545292.37575 Process32NextW	snapshot_handle: 0x000001ac process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545294.39075 Process32NextW	snapshot_handle: 0x000002c8 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545296.40675 Process32NextW	snapshot_handle: 0x000001ac process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545298.40675 Process32NextW	snapshot_handle: 0x000002c8 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545300.42275 Process32NextW	snapshot_handle: 0x0000012c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545302.42275 Process32NextW	snapshot_handle: 0x000001b0 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545304.42275 Process32NextW	snapshot_handle: 0x00000344 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545306.42275 Process32NextW	snapshot_handle: 0x00000364 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545308.42275 Process32NextW	snapshot_handle: 0x00000364 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545310.42275 Process32NextW	snapshot_handle: 0x0000035c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545312.42275 Process32NextW	snapshot_handle: 0x0000035c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545314.42275 Process32NextW	snapshot_handle: 0x0000035c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545316.42275 Process32NextW	snapshot_handle: 0x0000035c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545318.42275 Process32NextW	snapshot_handle: 0x0000035c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545320.42275 Process32NextW	snapshot_handle: 0x0000035c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545322.42275 Process32NextW	snapshot_handle: 0x00000360 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545324.42275 Process32NextW	snapshot_handle: 0x00000360 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545326.42275 Process32NextW	snapshot_handle: 0x00000364 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545328.42275 Process32NextW	snapshot_handle: 0x00000364 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545330.42275 Process32NextW	snapshot_handle: 0x00000364 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545332.42275 Process32NextW	snapshot_handle: 0x0000035c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545278.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545280.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545282.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545284.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545286.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545288.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545290.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545292.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545294.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545296.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545298.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545300.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545302.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545304.155875 Process32NextW	snapshot_handle: 0x00000118 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545306.155875 Process32NextW	snapshot_handle: 0x0000011c process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545308.155875 Process32NextW	snapshot_handle: 0x00000120 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545310.155875 Process32NextW	snapshot_handle: 0x00000120 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545312.155875 Process32NextW	snapshot_handle: 0x00000120 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545314.155875 Process32NextW	snapshot_handle: 0x00000114 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545316.155875 Process32NextW	snapshot_handle: 0x00000114 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed
1727545318.155875 Process32NextW	snapshot_handle: 0x00000114 process_name: 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe process_identifier: 1156	failed

可执行文件使用UPX压缩 (2 个事件)

section	UPX1				description	节名称指示UPX
section	UPX2				description	节名称指示UPX

与未执行 DNS 查询的主机进行通信 (5 个事件)

host	114.114.114.114
host	8.8.8.8
host	212.225.253.203
host	86.69.177.153
host	23.147.38.41

枚举服务，可能用于反虚拟化 (50 out of 4572 个事件)

Time & API	Arguments	Status
1727545273.59375 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.59375 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.59375 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.59375 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.59375 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.59375 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.60975 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.62575 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.64075 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed
1727545273.65675 EnumServicesStatusA	service_handle: 0x0052ca68 service_type: 48 service_status: 1	failed

在 Windows 启动时自我安装以实现自动运行 (1 个事件)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32

reg_value

C:\Windows\mssrv.exe:ÿ;SÿÜ::PPÐSl[wÛRÐSn8P9SÄPèúÌÍø;z8ûxÿÍ_wËS%þÿÿÿz8[wr4[w9Sno9S0ü¿évP9SÃ@\ýÜÞ9SØþâ@

创建已知的 WinSxsBot/Sfone Worm 文件、注册表项和/或互斥体 (1 个事件)

mutex

mutex666

生成一些 ICMP 流量

文件已被 VirusTotal 上 51 个反病毒引擎识别为恶意 (50 out of 51 个事件)

ALYac	Generic.Malware.SP!V!Pk!prn.04F4CB21
APEX	Malicious
AVG	Win32:Malware-gen
Acronis	suspicious
Ad-Aware	Generic.Malware.SP!V!Pk!prn.04F4CB21
Antiy-AVL	Worm/Win32.Agent.cp
Arcabit	Generic.Malware.SP!V!Pk!prn.04F4CB21
Avast	Win32:Malware-gen
Avira	TR/Dropper.Gen
BitDefender	Generic.Malware.SP!V!Pk!prn.04F4CB21
BitDefenderTheta	AI:Packer.58C8E8931E
Bkav	W32.HfsAutoB.
CMC	Worm.Win32.Agent!O
Comodo	Worm.Win32.Agent.CP@42tt
CrowdStrike	win/malicious_confidence_100% (D)
Cybereason	malicious.2fdc79
Cylance	Unsafe
Cyren	W32/Trojan.TOJT-8212
DrWeb	Win32.HLLW.Siggen.1607
ESET-NOD32	a variant of Win32/Agent.CP
Emsisoft	Generic.Malware.SP!V!Pk!prn.04F4CB21 (B)
Endgame	malicious (high confidence)
F-Prot	W32/Trojan3.ANJP
F-Secure	Trojan.TR/Dropper.Gen
FireEye	Generic.mg.ab734272fdc79f48
Fortinet	W32/Agent.CP!worm
GData	Generic.Malware.SP!V!Pk!prn.04F4CB21
Ikarus	Worm.Win32.Agent
Invincea	heuristic
Jiangmin	Worm/Agent.ctm
K7AntiVirus	Trojan ( 0051918e1 )
K7GW	Trojan ( 0051918e1 )
Kaspersky	Worm.Win32.Agent.cp
MAX	malware (ai score=86)
MaxSecure	Trojan.Malware.300983.susgen
McAfee	W32/Generic.worm.f
McAfee-GW-Edition	BehavesLike.Win32.Dropper.ch
MicroWorld-eScan	Generic.Malware.SP!V!Pk!prn.04F4CB21
Microsoft	Worm:Win32/Sfone
NANO-Antivirus	Trojan.Win32.Agent.hakuu
Panda	Generic Suspicious
Qihoo-360	HEUR/QVM18.1.2B4A.Malware.Gen
Rising	Worm.Agent!1.BDD2 (RDMK:cmRtazrQAGsQ9vgWTFGwfYTzc4SL)
Sangfor	Malware
SentinelOne	DFI - Malicious PE
Sophos	Troj/Agent-AGQR
Trapmine	malicious.high.ml.score
VBA32	Worm.Agent
VIPRE	Worm.Win32.Agent.cp (v)
Webroot	W32.Trojan.Gen

288x288

224x224

192x192

160x160

128x128

96x96

64x64

32x32

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2006-03-03 01:50:37

PE Imphash

bc5994e55cbe4fadd0cc6ce15d753e0a

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.jxmnr	0x00001000	0x00011000	0x00011200	4.8945685549579565
UPX1	0x00012000	0x00009000	0x00009200	7.7228958156896965
UPX2	0x0001b000	0x00001000	0x00001200	0.7017545132594376
.lpkez	0x0001c000	0x00001000	0x00000200	3.9638687291035044
.g	0x0001d000	0x00001000	0x00000200	0.5960600373116879

Imports

Library ADVAPI32.dll:

• 0x41b08c RegCloseKey

Library KERNEL32.DLL:

• 0x41b094 LoadLibraryA

• 0x41b098 ExitProcess

• 0x41b09c GetProcAddress

• 0x41b0a0 VirtualProtect

Library MPR.dll:

• 0x41b0a8 WNetOpenEnumA

Library SHELL32.dll:

• 0x41b0b0 ShellExecuteA

Library USER32.dll:

• 0x41b0b8 EnumWindows

Library WS2_32.dll:

• 0x41b0c0 gethostbyaddr

->zU?C1.*ph
.jxmnr
.lpkez
MnwPGuK@A}
7{E^`N
jP}YoH3?
.3D wL
-@H]X?
Ur`qe!
m[FSR`$#y
a\e5co
=LKOtR
]Z R0Ge0
ggBR!'$(%duD'b
*i+h [h]
Qt@\ZDDGK
]I#[f!BTZ)=P1ZLM]\U\v+&+
;l?Y7cRf
^pS&_h4!&A9r
jXZGD;HT{
M)N^WMVh>d
XGwpM>;}H
!j.([xQ
%`]!*'W1
T.m1QGNm'
[X/>Y!
govNZ81
s)tIKt
`82p3Wi#\:
?t>Yoe2[R-I-(\
'MRr/ES
2fuv|r!l
> YV #
YN 5%vf+
@`>=j:<$f
|jW3?S]
^nTEJs
[RPk|.=}Qi$cyYL
.W\rz!(N.Ab!x<]
^'~?(#P
ou80y\\=
IT:b"L
o3RjC+MS
bpFhMV
mdxjSkVk
O!DH!w
a6wv)M1
BMT@y83tV,L
xUD;OvtW?
qw|0*aM
5;-bvI`
./ksF6x
}J@}Ylc`Y
DV4WEfH
["RN,vS>^6} N
)@>2La&->U
IYbI).A[o
)%cBp"
f1Y7RH
U!2[7|f
vNtc{y3\
W>qshVU
 7d"5Vwq'A
oaG,*
L1XGq6r6lZPc
T7YNI].-yB
p:AY8M
COtZq1
Aq#|EA
Inh[7P
";hTz7L
WF"!lO
A0Nc,c
CE}y`5VVQ
o:Y[J}:&gb
4^fd;y
XtnpiwP:g
:4n-G<
Z 1lOJ
fYYzFIcH z.
z=Z$7P
zBCAfP
%JPb"I/ww(
mt@=u#M'JTI
&X^IL=v"y
[7]ra,}5U
X\534V
,GrR>8g%C8
,BD4q#x
Yi\)~U
hwqE".
n-1#2 k
_Iw3N$
5J?c] ||3VzQKe]
^uKkSd)Y/g
 Wdt'h;
x~L`MOG)A)B
336P^\1~s\G
;M'pO3
tS3%2/z~e=HW\}
O-Wg9aK
3*+&)Um
wj)WU?0 
6gWjq<".
Gz1LGtx
0`t]lb\
-%V"wz}zg|D
r\lwGF2$n
,P<`.9
/(`_s4&&4Gecs
~aw%"VO2x<#*R/t1
B|qWre(4>'
!_nY1Jg0
fa>j!?
cI6a/p
V\f-1rJA
ZZrzM_AeI8y`
Z&BR@'
OCQ%oPRmGizKTG;mt0
BrauYlP
?:kRz'R'
j#??6Zp
),)HUl
:z"[r&B$
Q\8Gwm[v2djdyB
^b*)C?K^
F1ZW_-x
KembR+
:W,Y2E_
i1!2&z
e95/W@>
00L!=W0
?Q~BUQ7ZQ
^>9]nr
[V<m`~
=_U,h`>
'HBIY$6+28)5##1OXW
l/{Fku
pioJ%JS--J
;]N%+%
i>lyS
R:'9g g
AAI<[QNDGR
C0*::}<(VKS
#n1^PT
D?9sU)
~{m5-apB\J@l
*"'p5Z[_
^}b#w[
2}F#WIa
`ua8j-
yH=1qgzl
h3YE/8
AbJk6]
pJS?9:#f/
hhrolyfRoL#R6l7~O"
FGt3pYYs
qT;UA6
t&#~HgJt(}
g~G.gY
]+R$8"{
GQqp+4sCq
))Oq([iP
`$|.w;
i^Rr~q0?
&_r70#
1 Yf`@jANqF
^&yV4uSs
;Z.23)Jy)3%]FX
m8GktKuF))d
LQe1S*|
_+p Rsd
WXU:3by
Y5{=hWtBr
;X7@ZE<(w/A
G[h#>X
i7#Ozu
pEC"\)j<9jEz
_-hRB5
>MJ#z_0>z
'MdtE5
s1\%F}-YkH}y
yX9r/z
mt?[)m
.&Mw3O
uG32f]
7z5s).
.Uh;Q]
/Tpab1
!e^D"HyR
T&'`G
3mtWpS
1A`9"2
+ZqoP*
ED`#bJ<
^;<];y
4Y =@p[&7Y
_~sw6w)~ 
)WTo!~
KX/fn()6P[\
spTW|y
M1)ADB_uf`=zi
/{v.>mN
.EyY(PP
s>9yaY7eV1
5maiy/
B2yAiZ
!Z1'_:
 274bY}D2
5M}g$O
|wu47}Y
6n+xbJ
?~|2f+#fP\`M*YE
1gN0DN
k~82E#1
f~2`HrE5-
Z YhZu>u+\2o33&H
p]HY*An
|{R_8+
qM?yk:^3:Vsw4
Y'P `L>
np49unH,
GXjqo=\E
!sT)L uP8
!@m<|@Pu9S
-bBBFU
v[ncH3
Ok#)o),|
)O2=5Y_
_~8KNWN
9Mf;H5HYTH96
"[n3xQ(*z
6@TM26Uy
D+'^w}
LlTe[k(Q@|LLk
V/V>LR
21PA;63|
Is'(Ga
+E]at
mJSjCn
Wq5qPj!
M>$n1Q
Dm\[Kqq=
={ [),-
b9nbkejx"KQ2R&Z
[W"EosjM
8bfzyT
Kb'~c#aM
Fe]:CQ
8Z!Q7c
5NTl@P3
{:AV[L\k@7
Q(gFs#j
<'r(Uh/):|^o^
'{@K G
ELwt+t%
}40%yO
iow>M|c@d
aH_uI!
?UR1f~
WlhH4#l
;eS_*c9`%
Z#A"[yU]8&
>hJ(kk
[glE_YM<[
bfE5b5
k^}ExJHM
G|H,4>H=[C2xONI
6FA3;e
`:F2=.f~
Atc5/[n
|0~PCYAq
":hDF `=Mfl_B
vg^V7vg
vzg}&+_$%m/riv6
*B~%mt2#XU(
QK/*cF
/d:1N(mi*
`G{a|$pvs6C]
kMClJ)B
dFWu%eDVd0!Oug
ES[Lmy
Fw{AUSqu,OG
-M7@;)&F
D*[g9<)NSO
uw6&/3O
VO*E'|9>
E5_(Dy
-}#K5g
.l\9XX7
"g@|(QURTEL
(hXJUPEy#[
c"$alu
TT>z&;WUl
]Sn_sm(~dcYawm
f7`7%q)Os
UEqP&|*yDQ?fu|
RplX]P
Ab4uzHnL)D
ygJF6u
GgYJ|mP
 $yERJ@k
7W@_)s
B>Qf6oeP!
5,KwA`K
nJ_[zTz,B.W s&
='G$/V3:
d:R?6<q;
|t-WOO
H_*a6d
K d{ 5wqaq/
~Aa)}]Mp|Vl
7j6~"C
'P&{w2r4
<?-?1]
%!*>(E
A# uzUG
QLm,dn~Q
S^T*Br}6O4MTP
DP?%H6m#
cf8uT>-=`
CD]] 0
BUrX6QFK6
:=jyn[X
>qFD=IL3dA
%iYr;i`U
Bh.v<cssU
R hw'U
9(P&4)v
!XNOx!M7
2QBqm]]
w3Qp*]
&sqL/R
S4W2J{;%?[9
bykTb.
2A0dY.gMmj
`H?[Zw
/tl~|x
Cq*%0Zo 8F
an CnMUY
LgP)a:
ZEGd@L#
h!U)-9
L?LY#WMZ
mr+fr~
D1:|six*
\t~M22bPGq^T
S/:s}PB7~z_
K_vPa"
x\S%+\
Z>2l&O_
[&nA7|'I
&)/ GYwKYlw
L00JU;
dA1UvY
YHa.eKnd1O9
:K|sIAo
lO=qnS
VtxhZE
>7[Y:`7
ztd>;_
RU9~:T
/w-/Cu]O2Q
YH#K=81
l:.%J*
DsjpM!.:tw6N
;\LnM>f\
8u1| ['AAG^ lG
hE-rWc%
g'CuHB
4M# ?~XC
U'x`rTH^5
q6+iiNj
pu_FoO_)Z
!2Po8C\Bz"F!\O
(yTk,9Wb\R
`W *S>
/q&!dj6
1=g|Nr
9Vm"z^Ky
p:/e)M
,@.&#aZM
"3/"t,D
/2n@"x
sVr! N
:y8j/KM}
M9+v1U%
JkZ4JmN|Ue
lM00]T2#V
LmE]_OB
2i:~x0
yDS+Kr
";!)R}N
9_/G h$ |_jU%;r
V;9=W+Ng{
/l'RoXA~js8
qgQmt HAY*)I{$xN~
H`b8UvA9
9|~6^ZMR$y
]Q| ajP
U6/]$i
%ujTBG/`P
-T2?2=ZK; GE
>8<(6ag/ImQs
j}v@h'
Lkx:X1@\
,o'd]X
Org8Ap3
/8#nQ[
j.%eDk$o
?!5@2E
C+02cd
y0Go*=&aZ0m#
q&%C0z: 
Lf#A`Pw
0HmLtm
)yOS3d-<
X`SP$^
&H&#l@t7.dl0>
.O=I:"c
562:Qq
9F<(d<
s%249XA5`;
V2^'~c
5Wq Y'
5bcl8:z
~3-[8K\$c
@[H~0 }s
R2'X]J
$53Wws
D1e*xsE1;$5BP
Y_w{!
Tg<p>T)k
gX~@3Ne
wRIJNZ
F03EtToso2{p,GHa
1wCq%iz I|
P]he{Z
*sH)c#;e>=
Z8Es0/
,zMrV!?u
k#8"="
|S'hUe4> :
KnR%1z+Qy|_g
=d"I6* r"PJ}TI
$<"@>a
ae7\nVi
_o:Z4?
VPGF%Kg`QO
VtkV!*
+}-8h,A>Q
>M'q^c_0;m
Gd9{5j
+}p=P~@
;SOjkz
iI%&eXFshLr"
F=TE%/
.5M~uU^MU$c}k
syZ_7S+eDRtz
Urq-yzffhI/
:kOn[e)
p./mj&;y
crHy<o.
6/1ba>K
I\z^4tD`"aE9L
4Smlu+B+
J%G^>/7
yu`Rv!l9;
`'q%gCZf|
?FcMq.>a.7Ob/YkA
.sP)"BwL
&s$-`N
Ay>49T
4<>kW|_Q^F>
tZ[6`L}53_
Wq Ft~
Ai(r&)!=
u%trVjc1
3E,6Q\$7
tT}"<r
=9TW +qA
'(6FB6
N#MT"z4U
U> 6IK
%leb.W
IgXuQ$OiYq
m.'UM;oKnrP]
m%=,_/0:0C
yE~& .
Dj<@DZ#
:J]Rlg{Z
T=]14!@
VkkFT
Hw>95ve
('J%<s
Sk`LbpI./i
IWWUR34~-
M4KHJH
8Hxdtne%
~srH="=g
,+%>Y ^)YS-yz+
IL#s\x k
PDYC3\
T<c-6>L"}g}
8}!9Ea
5)R&+D
&O^8A_
,^_w\+#7I7
j@y%zLI4
iT,qlK
h~53FcX/ZQycp
~|(=z|
6Y-.qW
w4w3dw
(RI{a"j,Wa
*Nrp2#rQ~U
~ZI. ?x
"?RgLFrrMtBk2u
PPSBu%q
"AfT3S
cu=c.7[n
$M?vMe
+d!Y)B
6T7Ig(
jC7;I\
 oIV!Zd
<@D5\o/
6bg9Q1z
eZC}_%
Sy5jPAww+
k8^<z4R|PQ
8,AKO,
bhnt7i(}ENj
FON}t j.Vr]
]uZ'{gJ
+X_)xUf
e'9S]xwm:
LU`]i:'
6d:Z`
050ad+
./^0VKAI
cJlc^S:
Oh,>4!
Pg[@[Y7
-A&'\6xG&
P(}%Pw
rY,Pou:)7D9;OS
{E0yLKA^7+
I,}CE|y
>2w79.}8n{/q.
 2I/|n
d':%T%m%
r2!AMg
i^Q-KB#
+&0/"7dj
a,I&e7
V)q8h9
<rlJxL
uW^,75"lQcr@u
<$L"_*
,bRl<r]xP6hu#w
3djFy\
j"r9Q)]R5g}*]
<gN"I>]g
2dH!Xt,
zd'3CIeKg
f4oR&E^
f!"M.e0!2lq_%#0/"WE%$A'h.
I>cF?,
QNH/yJF3I
[@W*%6":}
qv;8X)-1gJ(
Zv$Lq$
5P7=CQG}
n6)v -
gj/.]VV'T;G
P>P!*z
&/"21J
1a#0:e:
W6u_G*
iH kjw
2)zjMeei
?hV*Z*
:sNmW
KC`ND^jo
(BA~U/Y/
4;9fLM"KlJ
.C(X-q
.xb``|-
C)KkoG
KA?a-v
|Jza|YP.%aS
LYA8nPOmK1<=
m>x2Bei
#iRi0*
C- 47h8;
$)w:A-^
F]/Up1
\J!_*hn,+cdt!'n
-IgX,~y^
WR{=loU
1>\C7C
eN!'0"n
q|>q+6
L3I#\FI
lK;e>ls]@w9mXe>~QF
i2:IB,: 
^ynh*b
?!?P7}
H*'td"V
-_IpV;
QA-WXql
$-E!Q@
awoBr\
Vl<5@@
VJv%$(h&L-7Lc
rS<bx,U
b3DlUF yT~
|L_web`Z
|=Kmxd
srVDoRi5y%X>1p-<x7~>feH
Ni$&IdB/n:
c&"!nOk
"jEmC!
x6DIYK%+
2E"8/"K"d=hx
)X"sD:cY?
FlP-HYJ
 5%Mzb0o
TF!!HKzN'
\.EGRO
IuwJXQ
7g39|v.~G
$1P9uFFSh1w
UWVS|$
t$dD$\
T$L1;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
9s#D$H
t".)D$H)
T$8L$PL$xf
D$\l$TD$X1|$`
D$`L$D
9s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\D
*BT$t1
l$8f))
D$T&))
T$TD$PT$PL$XL$Tl$\D$\l$X1|$`
9s/D$H
9s;D$H
t$(Nt$(uL$0
T$,|$`
l$$Ml$$uP
)D$H)
$L$ d$
p4$Ft$\tYL$
9l$\w_$
BD$tIt
GPGWHU
XPTPSWXaD$j
U%z?@e`@
ADVAPI32.dll
KERNEL32.DLL
MPR.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetOpenEnumA
ShellExecuteA
EnumWindows
Y<9O_V4#
,:@>" :I
7&)"DG5D
E+4,=CJ2:$@/">?<$D
@%0?&6
/ !%.
0!&'-'
]]*-0S&
!0O h|
|(/.c;yT9'
(p&=y,\?
8\2H##
Y'K .O
%;._f*;_<
:[!>@'T
di07N?
w30{&eY<
"B0.r/
6#=x;$t*
5i%f2i
0 1h.!WNY<O
 8T2@/
*nf#H\
1!;Ni'};
`!?,U8
M}G7Ty
zCm8*$6E4
?Lu01>19&#<
;21&B[
/$1$3(
as2P?'u
1A~{2B0
Zp?2C
}a;A)c=g
'%4B>r
C/$.,#y6I
39>' U&{
1E=)0nC0$Ww
"gu=++
w50>Q0{
/eR?;c",<W2
jI,5"'
r!)/1'U&3|5X
N>UE8~0/&X
5@.4623
.{Z=l"=
/N1\l>
3'8Y5LJe
o$^'%-T~X
5&[U(*p<
,E.G2B3)E&a\
D5m1(@N
J,K,S$
$aK%0E?/N+
L/i*4d(\582?
L9{%f@5WY%S
c0n (=k
&8kH96(>Gn
eK:/T+
 ~."+1vEQL4p>.
|1v&=)N^2
]~L,q,qK4
%%qAX;4G
F/*#w"
~)Xz+}!.
7Z'f!%
!c"VL<7O'
8$).;*)
2@;)Q/
B%'w4th
Sq$n#4[?.
.[4:B5c?
kkr'*=#s8
6V0Em!j
x8Y.gw
Wf,^<Tf
6!i3};>
0'* cZ."NF?
q<+A::
/R;]W97p
L=TH-=
q!%/w*
#!{,U7
zj_-uz
!>Uc_Vz)5Pq
A?o1KA
OH"3*YI2l=
D-?&+.
r/.$7&.
C+${(Cj 5@,A
9a.8<
)ZF7$Q
>d=P?WRj
>)y8"o
8g)1;o(
2:>VFm.
aD?#/PV
;tX/=x
$5L{:j
.m|K:fR
B4Be"iG
|,'1sG
^\;M68(e
@,L%E_
s<0t(
k!7**<T
C[eC"c
s1a2Gq
w#8)t+
bPv<06&(j*
"~&Q0Og
9"?Jw8lv<+
#DN.9*
NrW3q6bs,9P
y:&d99:
s \#Mz
y,'I4'
Hj 73.}
<@e+@y
U+"Uz5-)@
4:QhC8
v7?:.q
|T#3v9'
F#n3/=
~C.-9o),7%
Yh?4$q
w$p4b 
)-tw+2u/
>'p-<13$+
$/&Sv,V@n0-
Z1KE!
4?5t<M
EQ<2*q`
[xT?rP
B7+'#.Z
GsR90><n
.g{(A/
(n@'{6
wQ6fa)=
x-5&,'iWM!],X>5|
_?)R7=p7
6y?:*]T
!j /=(
5x/zO)T
4T6OK/N,
R=4k8t
S)'ZK2o
8P$7V5&J
w+$`8GtH;B
.7N \/(
#I'+c,l
.Q1i`{=
3WV2:z
`: `2+
Ez7|!x+>VV
h3D~"}(
Q$%o+R
].92v317
7[/F=`Ip
(q7#F!O#
-#1!4F$]*")
Z:_1#+!U
"+ME8J&
Em%1$#o/
N3(q<3
L-C5Z[
V:?=a $
m28<@>fk3
+'*1EC]0>%4#!
xVL:=M9(
,+.2g}a n+>{
%QcV=T7/r?K
#=w'{
=]m$,(
v0D66t-uh&3+$
A$+x(
1?^'&6l!=oq
fI62<l4&`+0
g'4U1-SI
oZt3$$5Mh
(-%"2)+
H6[kP98Z
>h#?"
6H#{] 
|y7I9v
<21/l,
u.J5-,ir/n
c6(;:=3
+V>(=@
Y!D8$6 G$q
$NCY&
b!=_}0ll*x
w;;#m 0
c2.E=sI!f)
6<)2=:)n$w1(=
]X8x`=
i{]%Q=1H
,?:4K:~
/Q:&/+i
x;'/h!Q
2DI(#
9=mv,v*
55\8*~
al.?"!W
 L3`x?
\.-#o0
?$?j:;t
&^+~4Hu
*L,SC*
)Xx%7Z;+E08d=dw
wjw/n=1q6
m+g%o2v
b>'Y;:|.Q^
RU>}9,
q5=-|
A>xs3{
uY$m4 
3p0V!@D
$"0r4"
85[Y7BL?aP
6iW.nf
6DgC=x=
n$.=~1R
.7`0]2
"3/IH$C9(9$
+9Ch&h3
;\.c-I8
59&l+Mc(?
(+!@EH
"`-z!Q 
53`;H;
[H;50NK
}4I.ex
>s>/GC8
D26';K
J+x\29
=x';Qa
:,>ii3d
*1pG3)
_<|*0<
$`4+}."
/X9($o8
~8!@&Ji[5
_;5y~ \*
!&US;)F
D&R&K3^a)C
| hi"+Li)
B0f>[)'l4B
Q(SO4j2
 8`=d-?t
I/[ <.
;(iO#<z
R)w6F
&]" j!R
T*%x8ZI
S'lr!#
.!-<%\&
8D<UPh=b
=j61M:4yS
%2%8P-
>)$/;b
@K7%L9
47,+^`z.
dV"[U0.v
t6H %*5&gM/ 6!=4K((
,O?f]0k
}e1T\=JF
`* ().:
p;zH+-5:>B
?(p,?8
=&).+y
.5^&a55
A>r?%E;
&mI'$<)=O"
:Z,++nn:Q
R+)Z;;YO
{-#D:?DC
(Ma7KH71O"GF&#B
8.n-8*i
'<<Q!,1
$ .6r%
v%D1|$9
~G#29ge
4Rl%/C
hA"]_?ww4
V7P*"K($e
>)n/7
&-f)4c
_t323;'`
'&+5u,
bd<3D"
&3?*>8
HP*#;<
-Y cw2Q27i
.^z:mb$X
s~4*5s'/6
W[,<95
)1gO%R;0Q
*>=3=?6
->xp"015
J2]o p|<
1L<nG(:u
mY?~dD
+,A@+h
;U{8$VA51
`#5Y52+O
!#+,4yp<
-V-D"!l
AQ;@~F
M`g+^703,&>&
%7{$
BZ!7*V
$>aG+t
[1f2;I
&7R4GH
,?d*&gd
1;E?$
(Q=F!r
.:R>Z4
p5R4Rb
Z;!U75J
?8_&]R
\SL"OA"zo
"`5M3X
7!$}[0;-?t
N+SDJ:
%0+&`C
gQ!2]+s
zB*<ck.
V$R6%&5|t*
*#o>Dk(>
86kX1iQ8
/~"!30
qT/F^H
]%ax42
4O-V5>[#y4#z|
/l.]$-
 Ps&oV#;w
6\h0A#B&W52
4:+/9;*
v$:1$=
ED,X87E
;:m?r[$#9*<
Sua+!06kv
[-GJ3 [
#g6k'3W
=23]/s
Ip0g*1
Z)<f;T
5X?f:W
z#q7W)
Ts,F=,NX0h(v&Q
>S;)|=)
:&e;Y(
P,0v,[#
^X;F,=*
][R<b/y,ou2q}@
L+NG /
J#"(PX
y}_5y)
6S#Y<'8,
m*=$!<A
9":x&*:M+=
`+oO/-
w%'S}$$+/
rH,7mc
;n+ e?
8[(e&mK5t
x:1<q&"c.e@
_/$>w {B"dg8
ix90v*iA
)Q!Th2-K
Dp$V;8u
!`\3}<
>%$@{&{<~
-]1z$P
7b1'34
c1b.\#uT
M;A>b&
|^,&"+=H+
?}&C1ZC'`>
*6=:8B
E2>;?0#Dd
<"y1;
W.2f&!
i":@s
lZ6 -$)@
|g*8w>l
-z55r6y
H^G/-R#
A^d$&T
].0M]*?$QL<
8\Eq(W(
aSK.>3j'!
e*t=m"^H
S;'U<'}[
f-E[ Z;
$[rq0IHE
gUS D;Wo
TR1a,){3,n",0
"M++0@$0vt=jV>>?
)##:M>J
J"x2>./
U$?\a2K
4OpN^%[
+ --k1#=
'24++"/
#'o2Q8V/
S:;yXR$tSC(a<0&
2[0C=?u0G
0D: 1c,*P
L*!SJ3
|!+Q-5
w3 W;1
n7"m>hv
~S4/Ki
?4`L;1 R U+4&z1/
-W!,96 
=v&1o9+n'
P#-ui!w&
(!A0o1V/
`?;V66
B#Kx.B43
!m*H(p'IZ
y77q t&+
0EM8:kK
(jC,V(T<
:g(w<8
"^$}Z*
o">+rm
qJ==DD
O$zK7<m:`4'9
{y Y),
6/_,5+"
.u9l,q26
K8*otf0
9x*):;
5KS9<l,m;;k5
3}W(Z!l
mCa<@S
cp p/2
;54<v<
CJH/P41
GP%X:K
[/v![ 
z.+g9sK
:Y&>_?
l[4P5F
b$ ,?wB_
)/?T11
X?v!v$P(6
1F2@ ?I
$L,Nu-
?9A63!
49OI}-
(8y3I9b
B*;T+@K*Il)1V.
-sz/4#5Ws<8! C;{
]+V8:f
7))~N%12A?T
3Ss1,9
S(d(-q
$=V8|P3
< h%)7
==9R7B
kn!FFJ8/.
1"v;DD6
3f0n<0`:
RZ !2{
@5;%(()L1$C.
#8c u[
1~'^Y6$7
,3! %C8I
 - 8:a
C,2;LC,
$ v146
QH$':}"i-x'
%|=7jW7r
Z<m).BV
(3Dc_?u?
zQ=]2>
2@;!op
2<T+%`_
Jn,_O~
j=/o5XAx3ya
F7P-a:
c3D,T,m=@"
S,f09O"&5K%
5r/7u,UI
;<t|,C
&<5U:{X-BI
s .+NN
_/2'[9d<=c3>6$
V ?4+i7# 
0/A$W^<(v
7iv'xX8'Z!
^l;f!T
h*|zi1;M)
4FR6Q",K
dm2%2~
_ ]/1>4r
h?Z:4j
6::'N>*
(2"Vd9
>4T8YMk
D$(A=`)'
1GX"MV
6.`&u6(
GT,8q5S_
Bv"764%c4:
:8'E?j
>W6Y%C
t",@(&?R~
l3FOE
K5l)`(
-8b~!f6
XKP%A)DP.
I $?M%
`N:HE<
Sh9.tT!KG
)gP4YZ(Cn58
?0h=C]
z285515$0
[$c-n)6<
<_,:>f)
 g+]M&T+
aN(Q6}pF!~g1kR+
 ',l*U#"5
F:+;b)
;Q'(W%D'
8u3/O 
/NFs=_r+
 2-4>>
@3J.4?
=X,O4)
""!*9-6
;i<#$.|
9%0&i'#G
.36LR%
^0y0q<KX
f4t/a%
[K=rw[>
C5-.Q|,m
f .72!Ba
j^)iRX
RX8QZ>l
%{"T#v<
<Qt/"i
-LH)lg*X$4P
Ax:-\y#u1@
-($;:m3?5
.rd<'_...
@)y4@R%
7y%SU9E
= 6$0.p(m*
G:fE'^6
&R01(
Qb, /T
w>Q$)|
)0>p+#>l
:5]0R*
:2%}":
'X9_4H
(34-ex
(\h%H;
D=M#I
o|[+2v>#<8
W&@`?+l
r2t)'i
h3dE<R
%:*r,&
GXn0/Kz$Z
(I+:)('d
=I*](n"4&e
f_%];-p
4yC<CU
b@)JH--<}{:* 
`="$Uf*m
O)I|.84
%S=OQN
2cM?Y:3r?e
%m$5:D<+1=
%&'E3L
[>uo<:j;$
1zj/(l
,Y=k=:
y! P&0$h
j "p="
mP/}0b
91'V!&
,l8*zL
)9/65:
-D"NL>
C=~h+\&
=,}/ 
:'7!)c{+
=b;i=[
@1yE<`bR93g&-x
Y2*l=.
6L:?';
=w)xO1
5c8`=?
-.JT)
LN!Mf
&9^(+S
Iv+G+a
1/Zu37}_
=.+f9~3K
9,&P90
,](gcz 4={8:
41\3v~6U
<DS</x 
t>b7l(
7j;?5 8*
,Xn.uN Jj
z86yVf;
|n0@bG
tO=^5|
|*[1P2LP
+G\.0<r
S{(jY:
IV'h&:
%j3Y/Qd'n
Du6-]<g3p$q_O
7:Y!{>
]n nv{g
;l}B!9<`
5Yv-hR
6(F)
1<6 ?W-
3s#}w/
v4\Y(e4zsZ+yL
W"pA3HC>+u'5%
;}r:$I
t.K(a)
`~<c-V
&%;,1.k9
[*0_,'et;
}.|6)9h<
~\)e!:|$}82l
&z8-!\
AW=3N
vw6a3#%3+
0a<K`7
s1@(SIy
!7;2).9
Ia8;9z
f<64&q
F_G=p'9
ci8:*/
c1:xcL
f77 o+
NU=q9UN
4[G4h(TW
)u?\!7
+%,<w2
a)Di>m
*Cih%f1:
Y9%[G)^RF7K)
'g-[:g,
[$8&0ZB
Ix7Q'(
3&*:+"
9M;+.;1z9"~9
=40pSv
z,N!u6
bIC?"
&/P!r'9#
4Y/!D:0
&8_<[0K
:2e0yzW,=A)?ca
\6A2Y,#8/
p)+(a%*:#
8n=; 01
xm%5wR
#G`.,}
vok={$
"X5rU6H7
.  u2F
5i%h=
-'5=4l:/)a0
Yb(`e:1
,;!--4
*:N.?Y
OY6bR2
-CK"\K#
mV.A )4E
4e)Ly&;d1
3Y,w<4a
+{C:cK;
LX4#,L&+Ga
d"&e(r"s
i2(#gi
q#Ms:-
)xO#H8
k}4,!61
2663mI
<l2n[$Q/+(Tv
95vI%h
9.:@;vln63,
V68#{ 3O2.`
!b0?:?3_
l&-Z5H A
;54LN1
*e/7B<MZ
'w tw?ap1
$7fd6u
*]:s;2
Rtd#?:^'(
P-gS:8"
/[#j'L:Q~- .49vi%47p?
K<38=?I
l{>8m1"]2
%~$F3
Pk?5_(`
N=*%+%DU
U8q1q"
+?2H(}
H$qUt7N
>"d*X>VP5
\u+C)U
@&%z@-L#
$HL$S'Vp4
^8aY'./
+>9&d4;
'k7ZQ6t"8{8
<f!<[h
E5e#?q
:f(5xm
n/*:42
<}N+Dh]+
+%64k)q~2?%
Y(=#1(<\"B:5T;K
_D$E$y
<"@2U,7b9
ZF%D"&O
|+93Q=1
''n,rmN
aB .g-
+Y185B0KFS*
Gdn$*n^8
&0S7,d="#<f
wV2,B/#j
'y1{%!<
$lP.x2g,
(8n~f/*s
;o:Me02
:#a'Z/vj
Q*R=:x|9(?
/!%Br
|_`8>
vc=*kD
B=Y18T9O2~`
8T}6Nd
zW=uOY!4
X#24Cj 
HA5+;/&
'Lw,#y&:
4KW4<$I16;
rZj(%l8 "D!
+7*;#*@/
Bs&mP<^
<{(6<<
kk5G)gm
y4^?sNA
>&p|4;
|1?Q'>n
f)R>1_&
D20!,E.}
0!4bWm
 2lK=g1
:]A7Xlz
V!y0y4]
oJp/Z?
A A924
^/4MN"L
(.!:;y)0M
b'3tK&-dH
'N('u/c0;a
*:>D,0
?c&,d+
W) ZO
Z'1?bp0Q|>.
"9P;\9
?6+>7)h^*
;}Yi0l
1(]'<G9
3nO2Vd3-)
S;2Y7
#012^:-%^
@yS"3dI
Me7^s>
"x)Y8q
70Pd1 yyG
$a=a;c~9
 .8aJ4!S
</)r45
 ;J06$
Q%e|G/(ir
k"}]{
&48.n7((2
n#,-M9>8go0=''9
vZD4L-V
5j?Mj6
`hh;,h.O@H#9/<q"Q0FW
q$29N6a
m0_Dn,z
h!B5%W
*0%CU&
Ir4~1S33t5A7
 WJ9cf
kt2j:(!
2=U=x=\58
p+]hi3
0,D;>/
",L25r/9
;8:-W%N-n;4 h
 KV.~!}
*Xc6#x
2",@u?`&_
.0P.3q
B'j8T
-8M&=:#%#=8/m.U
M-^t8;C
t,)[NA-G6Z
'q>#%s
78-*o?{
d!E}0Z<
4/#,)en1
-=Og.(};=G
-i"v;#
$gq:"@H Cl x
>|H@57
<v%UV#?BN#h-
Qw-pEf4
!FO"]A~'^
,E<lG%
}d%,/F*
\{6.~q
j3&9bf0
:W1+&(
6+[T)8
-v,=AC
L'4%IZ,UJ
#Z=:t#3w
2Gj1fL
)$!*<2
\9K2{\
=qo4s+dv
p2= >n6
&y+";* w
D[P#"/
Uc,l#0q%J$6
6*v71!VXX6oo
^1_g7m/
u1$6n,
.r%+c!Ph
&z"7#
z3IVo1
%)-J 
=e`9d4,'s5!m 
2;+12^
wq5x$.Q
1\/+|A'
r.9v2P
12_<1/vN8
4LO9!0e
Ei 'l3
5o>r1p>w'O
u#`#}b
M,H9Z#
D/)67^K7C
/-.OM%
`0m7,5
[A0=l+<-s%
c>f[:WN
{3*R$~T
42j)57<6.g0
#$4/O89`!=,
4]?By (zC
+7\GK=e|$
.,!%K+B^!;0
M}}*B<#LuN
<Wx;kI)9*e
Zp#)?91"
Ce-nC~
mG=Tb5
`b.w[
m16.Ih60
x.-11%{
7|<y1vHj1b0
%]9+_&"M"*"
=H<-.5
/$*\Z-A
y"B%uP
T=5(yx+LJ4#r
3(oT81B
\\*'1"F
)5I(Z*+
T2.>^O5;
oR%9*p*
)H5iN+%-&
Io9f@2
zX%L0m1
T+Q,9[*
!?{6@L+B
{{;66873tq#(
.J<!r5
:y2<8sF4x
:+H?p>#eK
4e<LZ&|1
"#&29#q
=+V;G#~
y<9'\qQ/!y
bl&na)+
Ch%>!$[C)
y5th8)Qw;Z<;
2'w{>@
VLJ$%&
5+7^"0
#'?6d"kkx;
O74aE,'
>x80gw
{M$0)eV)tq</q
,3i3S={?
w!TD9QmJ*:
 @0wT8#;
os"vBl2U
}-UcU+K$-X
(@<.e>
!#up.|_-_L9r%6V
OH/sH*#
2$.+8J
^?'8BbX
@F#-*&@(#TK$8<
34=,\` 
h<mc)<
E:f,T,
{w#8d=
4"41)#
Rj#wb7
u>%F[o^!
l!%.D~*~
~,}j;<
?X,xG4/
n19a)
$r6;t&PV>$
"=+G)s9:
%j!(*06j
0tK<E_!
'yZ B!c
25s=i$
tRX-C[
>5.x&a
)`1e6y
)=v8'45
W&fw6gyU7"
_&w#^*v<>
?},d- /l
Q0hUr/
Nr'?J]$
s4z%/5
~&9SD/|
n9bs.%\p'/N<<\+Ia
J?+<u4
0.#5(Y
r#$:o_
#6+:#%CLP28FS1F.
,tw,)l

Process Tree

007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe (2236) "C:\Users\Administrator\AppData\Local\Temp\007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe"
- 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe (2160) "C:\Users\Administrator\AppData\Local\Temp\007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe"
- 007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe (1156) "C:\Users\Administrator\AppData\Local\Temp\007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe"

007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe, PID: 2236, Parent PID: 1808

default registry file network process services synchronisation iexplore office pdf

007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe, PID: 2160, Parent PID: 2236

default registry file network process services synchronisation iexplore office pdf

007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe, PID: 1156, Parent PID: 2236

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114
8.8.8.8
212.225.253.203
86.69.177.153
23.147.38.41

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255 A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1 AAAA fd3e:4f5a:5b81::1	131.107.255.255
203.253.225.212.in-addr.arpa	PTR 203.red.253.225.212.procono.es
153.177.69.86.in-addr.arpa
41.38.147.23.in-addr.arpa
174.186.125.89.in-addr.arpa

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138
192.168.56.101	58485	114.114.114.114	53
192.168.56.101	58485	8.8.8.8	53
192.168.56.101	57665	114.114.114.114	53
192.168.56.101	57665	8.8.8.8	53
192.168.56.101	137	86.69.177.153	137
192.168.56.101	51758	114.114.114.114	53
192.168.56.101	52215	114.114.114.114	53
192.168.56.101	62361	114.114.114.114	53
192.168.56.101	137	23.147.38.41	137
192.168.56.101	58985	114.114.114.114	53
192.168.56.101	58985	8.8.8.8	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	212.225.253.203	8

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	754850527c0d5f61_beast fetish lesbian .zip.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\beast fetish lesbian .zip.exe
Size	391.9KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e96d8f829a72bca28b94cd269b839dd9`
SHA1	`6849afd1a2bdd8be1e1f46b8e6882e8c26dac80e`
SHA256	`754850527c0d5f6144bd0a6357333917eec2a1844d0fb2cf3fcefadeea764c25`
CRC32	`8147BE76`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dcbd4776b0eb0ddf_beast bukkake several models upskirt .mpg.exe
Filepath	C:\Windows\winsxs\InstallTemp\beast bukkake several models upskirt .mpg.exe
Size	1.8MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6bbf07c4725463c5225a5323ada10375`
SHA1	`1a78857431285b0c652dd765375c1d91eb16adbe`
SHA256	`dcbd4776b0eb0ddf8f31ca1b39506ee4a0d97ea6ecf04087f2db6a37aa37f8fd`
CRC32	`730C0C5F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1941f1dbcccdb5e0_russian nude beastiality girls .zip.exe
Filepath	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\russian nude beastiality girls .zip.exe
Size	1.0MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8185bb7c7bf36b28c61649bab997666d`
SHA1	`9e6cd1d1d1283b12490d8ae37f4e7e98702c8510`
SHA256	`1941f1dbcccdb5e08ea6ebd9343f8243554f2581d61ded5588e05503b43a5de8`
CRC32	`CCFAD773`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c4b641dec76e1751_beast [bangbus] feet shoes (tatjana,christine).mpeg.exe
Filepath	C:\ProgramData\Microsoft\Network\Downloader\beast [bangbus] feet shoes (Tatjana,Christine).mpeg.exe
Size	334.5KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8a7dfe7061832bb0bbf6f975f0207e56`
SHA1	`7789180bbc47fc45c278c8dbb9a91b7ba8b6bfee`
SHA256	`c4b641dec76e1751dcb03c8e30b3a7b2a88ca116668628707dcdd5fce279f8f6`
CRC32	`192FE9BB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9957f54e39faa4e3_african blowjob fucking girls .avi.exe
Filepath	C:\ProgramData\Microsoft\Search\Data\Temp\african blowjob fucking girls .avi.exe
Size	1.7MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`256a490f79a4103387bca1efeecf20de`
SHA1	`d0a765f3107ae2e4aa514767f85e4cbc4c97fdab`
SHA256	`9957f54e39faa4e3c7696d2e0df550f567058fbd3c6f5402be7e1fd6243c167b`
CRC32	`28CD32F3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	743ec029bb2d37a7_russian lingerie hot (!) .zip.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\russian lingerie hot (!) .zip.exe
Size	1.8MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f462b1bdddf18b4701eed6214f90f9ca`
SHA1	`c4ab2639e247e01452827eb094b1d43966867d35`
SHA256	`743ec029bb2d37a7abfec3e27372c144e3e3d3ee1549cbc00c51ded3f8a7dcf8`
CRC32	`8D0FCBA7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f62ded2461539ed4_african fucking horse masturbation ash penetration (sonja,liz).rar.exe
Filepath	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\african fucking horse masturbation ash penetration (Sonja,Liz).rar.exe
Size	1.7MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`af6ce7194c0d780de361db4d712d6d9a`
SHA1	`cd1793ef07446760650e45bc70fdd0674248cc03`
SHA256	`f62ded2461539ed4f8492ba926f39a4d08835bf8322191a3a562c6ba96e91f9b`
CRC32	`FDB4FA46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c05ad8c4fe59cd6b_horse girls hole .mpg.exe
Filepath	C:\ProgramData\Microsoft\Network\Downloader\horse girls hole .mpg.exe
Size	794.5KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3dcd6a80392fd1836069e9318417a023`
SHA1	`7fa70e5a763d024d79935d278dec2b267acb819c`
SHA256	`c05ad8c4fe59cd6ba18ae32c5d3e24e6a3d2fb033dd4fbda2ce5cd831cc4e21e`
CRC32	`024E2E01`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	96ecf411b40de33d_japanese horse uncut hairy .mpeg.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\japanese horse uncut hairy .mpeg.exe
Size	597.1KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`30a15747448200f8921c443ebe9e797b`
SHA1	`3a960923174c8e4d3f5dcc4e523096f31546490f`
SHA256	`96ecf411b40de33d0f9b465f32e21b2025ad5e67d20423dc9cc868db5cfd203f`
CRC32	`E3CD897A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	09cdaf9674116fa8_kicking lingerie full movie black hairunshaved (sandy,melissa).mpg.exe
Filepath	C:\360Downloads\kicking lingerie full movie black hairunshaved (Sandy,Melissa).mpg.exe
Size	1.1MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4175e9a66d108a6e37949df5776836af`
SHA1	`c2c9a79d12e65b19af96e80502411667fb707afe`
SHA256	`09cdaf9674116fa841ada7733675c92f482c328fc7b3e0c3f80858be443b433e`
CRC32	`DA9C764D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b9b987fe42ece58f_action [free] (sonja,curtney).mpg.exe
Filepath	C:\Program Files\DVD Maker\Shared\action [free] (Sonja,Curtney).mpg.exe
Size	1.9MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fab8153dd05d664d671387ec048ee44e`
SHA1	`8752f83b81f65cec3762635065acedae4b20be90`
SHA256	`b9b987fe42ece58fe5a821d91c35bea45f9d16705036c9b261efdb44927e0044`
CRC32	`9CBBA4D3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	33fb998ed0960edd_chinese cum girls titts (curtney).mpg.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\chinese cum girls titts (Curtney).mpg.exe
Size	1.7MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0968f05080e56898e0a6a7dc893b2c2d`
SHA1	`3a8fdeeb51f0a3e47e000b195966faade8c972b4`
SHA256	`33fb998ed0960edd967242df3c799013acb21dd3569bcf81e2b8de0989fdf058`
CRC32	`167D70AA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9fb47e66f220cddc_german gay full movie .avi.exe
Filepath	C:\Windows\assembly\tmp\german gay full movie .avi.exe
Size	1.5MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6245242d40da7d283256a516925b9a52`
SHA1	`db594c39806e3a97daaabb91b6ca0c5cdef47a67`
SHA256	`9fb47e66f220cddc023f7e190d8383bd10fb50fca77563b5078a0afa52cc7ba2`
CRC32	`655EF773`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eba00b549193b867_black xxx voyeur feet pregnant .rar.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black xxx voyeur feet pregnant .rar.exe
Size	2.0MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`659658a480e3c33617322bb4b549ad5e`
SHA1	`e56169d7d7d758422d57eac1e62df7ab22a39996`
SHA256	`eba00b549193b867208e138e39c1a60b96cb40710642fa128454d1da41a0c414`
CRC32	`14D0C54B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	376ba942a36698e7_trambling kicking full movie nipples hotel .mpeg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\trambling kicking full movie nipples hotel .mpeg.exe
Size	895.0KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`da92e5ec0319725afcac310adffbef87`
SHA1	`3d244bec4deb1b8a9513daedd1673592405818aa`
SHA256	`376ba942a36698e7183be7155bb0a64b1c1714f2361b971ab73e0a54fffe5c47`
CRC32	`95D92CF4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2c5cdbe3bafaca57_american trambling uncut fishy .avi.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american trambling uncut fishy .avi.exe
Size	1.7MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6d5dc8786a8e709e15f2fefc01ada3fe`
SHA1	`cf10ca046aeaee1e114df789bbf9c2b550bc840a`
SHA256	`2c5cdbe3bafaca57f9bb4bb68745e512aad77d3a8a9b08e8d401bdd2c17cdf2b`
CRC32	`EE02FD2C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	178eec4082e987ea_lesbian [bangbus] mature .mpg.exe
Filepath	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\lesbian [bangbus] mature .mpg.exe
Size	1.8MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8159052b4532205692da3d0fe18d73d5`
SHA1	`b4cc872134b5e0b538825116f534d679e60a2976`
SHA256	`178eec4082e987ea4032247ca0a383398867c861a01de34a82a79575a7683189`
CRC32	`18326E44`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	213f0fa890a502af_italian animal catfight circumcision .mpeg.exe
Filepath	C:\Windows\SysWOW64\IME\shared\italian animal catfight circumcision .mpeg.exe
Size	2.0MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`49937f90e7fe6b1e673ccfaf5877d1c3`
SHA1	`6a703bf5fd17b7ed27771d356c3f6ed5e02a54b3`
SHA256	`213f0fa890a502af67b26a5fea5a012c2925d2d2c5ab9748049cab93e6a4ae6f`
CRC32	`575E956A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	43ef9f0f7ab3c140_cumshot hidden feet girly .mpg.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\cumshot hidden feet girly .mpg.exe
Size	417.6KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3309c42f40e4d31e7cb68e5d9d7ac425`
SHA1	`71a13c2e9521172fac9c6689a353b5be99690219`
SHA256	`43ef9f0f7ab3c140900aaf47d20f646ee1716ff6d183deeaccff8055b8e1b562`
CRC32	`702FD038`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9a7bbc9a5ae4826f_trambling trambling hot (!) (liz).mpeg.exe
Filepath	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling trambling hot (!) (Liz).mpeg.exe
Size	1.1MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`da5a624e1fc2a2db812d83190d12eec3`
SHA1	`4acc3e2f87e8196f756c71b12acae6822e049228`
SHA256	`9a7bbc9a5ae4826f9d29badd5fb0f38a7edb9faaff1b83257dc1617ce00116fa`
CRC32	`5EDCA9A7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fcb54ccd75590e3f_norwegian action lesbian vagina sm .avi.exe
Filepath	C:\Users\tu\Downloads\norwegian action lesbian vagina sm .avi.exe
Size	148.3KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c326f76b1ce6e92fdbf12894a3cfe0b9`
SHA1	`bb9f02674ad4cd671927b33fe9b7e7ffe14357a8`
SHA256	`fcb54ccd75590e3fc2d7d48c55d56d73638012eda4a3b2356a56ad504f37cb3b`
CRC32	`4DFAA2FE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b7dd9418a6e13ee8_horse [free] (curtney).avi.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse [free] (Curtney).avi.exe
Size	1.2MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`38d289dc03d46eec77fb5fbb8f69c874`
SHA1	`8be7876f33f1ebd5514010589cf9df2daacc5ace`
SHA256	`b7dd9418a6e13ee87bd93d0ab4047ec8d6622e54092ba6ef3341d121c4f30353`
CRC32	`6439687B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6e455bf683effb6e_spanish nude several models legs sweet .rar.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\spanish nude several models legs sweet .rar.exe
Size	1.6MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eba1190a6003a6deac56412dbf2dced7`
SHA1	`8119ef912f95d313680ef1e392bfba0ca3a5b65e`
SHA256	`6e455bf683effb6ee7ad4c0005bfdf9e04ee698f6ccd7f40e0b3b508a3452299`
CRC32	`7336F375`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	054b239bcfe363da_norwegian fetish licking .avi.exe
Filepath	C:\Windows\assembly\temp\norwegian fetish licking .avi.exe
Size	986.1KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6fa1a0751e5495c819b9432e30a6793b`
SHA1	`5e84f8f637828cd74c9896e1f225ca54360039ad`
SHA256	`054b239bcfe363daaeecd2e7f5bbfb90d534a022e9f66b3e2c399f5b35e4ba8c`
CRC32	`AB393855`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8fc8bd817b5138d2_italian gang bang catfight cock ejaculation .avi.exe
Filepath	C:\Program Files\Windows Journal\Templates\italian gang bang catfight cock ejaculation .avi.exe
Size	1.7MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4b70205a6f4c372a4e7c15d92c1eda71`
SHA1	`16ceac33bd2775822060f50b023a116fcb642adf`
SHA256	`8fc8bd817b5138d2d5f857d26cc61ce4e3923883a6c1ad68931c436eaeee7f30`
CRC32	`89279906`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d5b72adc7a59ad92_japanese lingerie big feet sm .zip.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese lingerie big feet sm .zip.exe
Size	803.6KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`95ebf55d1a4807c7a3678e4cae458601`
SHA1	`4beedb30f95085c9785942ef3120b1e2edcd8bed`
SHA256	`d5b72adc7a59ad92247134d5030dde02c6bb33e9acf75767cf88ae797b2fa795`
CRC32	`54D0259A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6f1c059af4f4a676_sperm cum girls bondage .avi.exe
Filepath	C:\Windows\SoftwareDistribution\Download\sperm cum girls bondage .avi.exe
Size	434.4KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ef92a405bcce83f4c732139702f92074`
SHA1	`4fa5fb5f54a90b4e27bbd5ee4352af4e990b25cc`
SHA256	`6f1c059af4f4a676c27a52642c109fa4dabb668b081d844dede23c39075bb226`
CRC32	`860BBD92`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	31b48ed94f4bfefa_beast trambling hot (!) (janette).rar.exe
Filepath	C:\Windows\SysWOW64\IME\shared\beast trambling hot (!) (Janette).rar.exe
Size	142.1KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0acffe3e32fe878565c2ad5cbdf81c5c`
SHA1	`f5f657634b475ab47b168fedc62495fd6a60be93`
SHA256	`31b48ed94f4bfefaae50fc2fe216910719d8220e27af874cf10a1887a35b0685`
CRC32	`913469D8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e803ab9d3abab926_mssrv.exe
Filepath	C:\Windows\mssrv.exe
Size	517.4KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f3c43ce65c5e35bc0078863f543c426d`
SHA1	`ac3a9bd0a41e33b0dbb2366cefa61540c1fb8908`
SHA256	`e803ab9d3abab926740acf608848fe34dd04610848875a4460728cb0587314cf`
CRC32	`C77712FD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	47b427f199ae96c2_spanish fucking gang bang lesbian legs stockings .zip.exe
Filepath	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish fucking gang bang lesbian legs stockings .zip.exe
Size	1.8MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3624168c8353293f9db662d4ded9963a`
SHA1	`5871533e39002d132c6efd3944e59cfbe3161c94`
SHA256	`47b427f199ae96c20f7d679613ef9d834b5badb350fecf8336b24bea5f37a669`
CRC32	`5FAA2474`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ab7c2f9be19a3d58_bukkake porn voyeur .mpeg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\bukkake porn voyeur .mpeg.exe
Size	2.0MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d5df0119dcd4096dbd74308205195cbc`
SHA1	`9ca69d569197c9cb311decf913419b6dd1c29d96`
SHA256	`ab7c2f9be19a3d58972b337aa0c58103baa429fd177ce04a9fdd6793cab1b679`
CRC32	`9D3F8AE0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4e295030da92b5c0_black beastiality horse lesbian .zip.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\black beastiality horse lesbian .zip.exe
Size	1.5MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`57c9b3cb91d44bfb29080a3baaf1116f`
SHA1	`a14d4af522415f4432e6c6a4c8ffa260561054d4`
SHA256	`4e295030da92b5c0f864da44308e6a8dfc1d3067985fc7e7a498837af82faf47`
CRC32	`897E06BB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2d36c6745eca6505_indian hardcore cum [milf] sweet .mpeg.exe
Filepath	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\indian hardcore cum [milf] sweet .mpeg.exe
Size	1.7MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`24993470837605265690788c9e77b8c9`
SHA1	`508f1abeedc8bcbb128a20df549e90a3b4ce0560`
SHA256	`2d36c6745eca650589c348f13ae8a189cdbff7697ce2fa7a2318f159df2f723a`
CRC32	`1CCF4551`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cf7af0b28d1ff648_bukkake hot (!) hotel .mpg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\bukkake hot (!) hotel .mpg.exe
Size	1.8MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2d8788342a9fb1399bbcae0e6ed860ab`
SHA1	`ff5da09f428ecd893e1d89311eaffaf7da53dce2`
SHA256	`cf7af0b28d1ff6488d28dab6b76d8436e4e186387faf807fd4255d536373e0b9`
CRC32	`0B317299`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cf7ff1d92577e1ee_xxx hardcore masturbation (jade).rar.exe
Filepath	C:\Users\Default\AppData\Local\Temp\xxx hardcore masturbation (Jade).rar.exe
Size	1.3MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5e2c2f401f739a5b59f0dfb81d5067b3`
SHA1	`9e4dd76532fbcf99d7a02bff21ee2e1db5f33235`
SHA256	`cf7ff1d92577e1eefcf3d075bcd4d591f90cd35e18e7f74e769b15e14aed14b4`
CRC32	`25A0FFDC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd2af5a6b6c77dc7_asian bukkake full movie redhair .zip.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian bukkake full movie redhair .zip.exe
Size	690.2KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`636b911c60d732a0bf77aad2930077f1`
SHA1	`7e3722eb808a8b0b3133f56098282166ce9fe49b`
SHA256	`bd2af5a6b6c77dc7dda69e0d5ab6705f3e2a74cf844d86fae26e4992bc45fff1`
CRC32	`747ABBB4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	34c4ea946c50d355_tyrkish cum [bangbus] titts shoes .mpeg.exe
Filepath	C:\Windows\PLA\Templates\tyrkish cum [bangbus] titts shoes .mpeg.exe
Size	1.2MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`13f78d6093e053fec2cd8c35ac21dee1`
SHA1	`903e135b67c1a44cc1163fb44b1a93b2b8754cc2`
SHA256	`34c4ea946c50d3555be20158928dc92993e0234c2b0e057e1f261681cab9551b`
CRC32	`A5004FE1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	99f4bfeb5c156bd0_indian trambling bukkake licking ash ash .mpeg.exe
Filepath	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian trambling bukkake licking ash ash .mpeg.exe
Size	430.9KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d30a70e54928510667c41ab98d197e5e`
SHA1	`8ed46cecb09e018eb3917ca1c02980046a3591ff`
SHA256	`99f4bfeb5c156bd0f4782209ceb42bec4efe76ff1d1fb0eb738db51343b98517`
CRC32	`145EB455`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8b87f339979fb551_spanish fucking handjob public legs .avi.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\spanish fucking handjob public legs .avi.exe
Size	1.9MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d0c4ec9fa892e26cd9ec515e76e1f411`
SHA1	`9df0c232212c3f35683fcc7bac24aa4876c58d3b`
SHA256	`8b87f339979fb551dc558194ef20201e9be31f94188fa5a4622ade408817ddad`
CRC32	`37DE3A94`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	146d9eeb13804b3c_american hardcore big high heels .mpeg.exe
Filepath	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\american hardcore big high heels .mpeg.exe
Size	519.4KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ad3e7e6109d18e32f70ad7eb6a305ae8`
SHA1	`072f78459bd341b2a5e54b9d5568e510eea13358`
SHA256	`146d9eeb13804b3cce0f6a9a8a5adf5b16203c76d4a4053346c9f73fcb821a10`
CRC32	`F3668CCF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d113b52311f8a7c1_italian cum bukkake voyeur swallow .zip.exe
Filepath	C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\italian cum bukkake voyeur swallow .zip.exe
Size	1.6MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3e7380e7b39f5e31c2f69bddfbb8eca0`
SHA1	`7ed9eb050e4d699fcbe52ceff3eeb06806fd426f`
SHA256	`d113b52311f8a7c15a7c7d8505db9258885680eda4700a1cd1233b3d905395de`
CRC32	`ED087CDD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c54551faf12580d3_xxx sleeping young .avi.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx sleeping young .avi.exe
Size	1.0MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a7eb0464fa5edb7db3a4d66f4745895f`
SHA1	`c52d02ec44adc97a75b86238bae0205f51d94c66`
SHA256	`c54551faf12580d3c94f9750e63ed14972c6fbca5ffbcaf34ce09f5e9273f0de`
CRC32	`3349C61C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23db2d2bbe211da5_handjob full movie pregnant .avi.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\handjob full movie pregnant .avi.exe
Size	249.4KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9547eea73ff2ded98c542cb23284a80c`
SHA1	`7b4e11dcf4537fad3b1fa1e39014636338b5b1fb`
SHA256	`23db2d2bbe211da59a6932966a56bd93377d083c9d6f2a37db5697d4b4c2b29a`
CRC32	`F4920545`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0fc21818d27fe4fb_canadian lesbian beastiality lesbian ash .zip.exe
Filepath	C:\Users\Default\Downloads\canadian lesbian beastiality lesbian ash .zip.exe
Size	1.8MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`50650a031410ff28fd02bbb8f6764112`
SHA1	`aa22df5989495de336dc1205fff14321e248bfa4`
SHA256	`0fc21818d27fe4fb50461816567befa1c1250a1693e80ebb20502361fca44dd8`
CRC32	`69A75596`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	20a8a1fd8327b947_norwegian handjob public (anniston).rar.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\norwegian handjob public (Anniston).rar.exe
Size	1.6MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`064ab4430b365dda6ad2682e9f83f43c`
SHA1	`6af3d3877627beaa9fad7299c83c257f32fd4240`
SHA256	`20a8a1fd8327b94743c6ed079c59d7acfdd2662fe6f5bc2b131acfbe3bc8e1e9`
CRC32	`14671ECF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	240d86ba133403e7_beast sleeping titts hairy .mpg.exe
Filepath	C:\Users\tu\AppData\Local\Temp\beast sleeping titts hairy .mpg.exe
Size	1.6MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5eb21edd645bfe5fdcbfc053c60a4836`
SHA1	`c7a0f9a6813d11c798e137ef252c07cc67ece855`
SHA256	`240d86ba133403e7e541e3cfb6dfaa3c465fbf1940bb83b6b1ca83252d561c44`
CRC32	`2E2155C5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	646929df8498b4f2_debug.txt
Filepath	C:\debug.txt
Size	183.0B
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	ASCII text, with CRLF line terminators
MD5	`7f8faaa77b9a64cf84a397ee1640bac0`
SHA1	`1c8889d57836906084e6d1cdd488da1ce5a3f5e4`
SHA256	`646929df8498b4f2fb2be8b69eb4d05cfb254edd005cf0a49dc805c043cb3f96`
CRC32	`8EAC797F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a402c5969251e6b9_spanish nude lingerie full movie beautyfull .zip.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\spanish nude lingerie full movie beautyfull .zip.exe
Size	1.2MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`00c3655f02f8883b31316691fa022c62`
SHA1	`1847f7c0cbd494dbd8b284b7df83805b90068d69`
SHA256	`a402c5969251e6b99668807c96020722e24a819b347694ea0825662285698516`
CRC32	`8456AF97`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	93734585e9278003_xxx lingerie licking vagina sweet .mpg.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\xxx lingerie licking vagina sweet .mpg.exe
Size	1.4MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5f1c0cf4dfe8c4cfe757dcd0153ff1c4`
SHA1	`6155013fa327d44ad8e6ce8bbee841ae86017c3a`
SHA256	`93734585e92780035f3dbba5af92a455549364a5ceeb97c4462059c39945af74`
CRC32	`8290B2E1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6b66fdbe4189abfb_handjob handjob [milf] high heels .zip.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\Downloads\handjob handjob [milf] high heels .zip.exe
Size	389.0KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9b1fec92396ac5bcc305bc12ae7e0721`
SHA1	`3817cba0dddaeac3be054e959503728dafc2137b`
SHA256	`6b66fdbe4189abfb6e3acb86010046d3044d1306895dfe5361b7f1419355f844`
CRC32	`87915951`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4d54448e83162441_african horse lesbian blondie .mpeg.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\african horse lesbian blondie .mpeg.exe
Size	1.3MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2d844b934da747518deb460ba8d01c94`
SHA1	`9ff07d58496ebb7086d7a8cb681c399da90cb693`
SHA256	`4d54448e831624415ca2a2284af0bbedad9bb078b172d08005cbeb3d7f706a46`
CRC32	`82CA76CB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	89f0b16d3f990124_kicking big (sandy,samantha).mpeg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\kicking big (Sandy,Samantha).mpeg.exe
Size	1.5MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`52ac35f9fd8acd5ebc28b3b06bbe8476`
SHA1	`3adf50f8d17958d2974b15d7915f14ba23f4ba9b`
SHA256	`89f0b16d3f9901249e5629de6762abcd50f6854cb645de41b94c19a05b65e9da`
CRC32	`AB1BBEAC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5b610972de5344be_indian fucking catfight ash pregnant .avi.exe
Filepath	C:\Windows\Downloaded Program Files\indian fucking catfight ash pregnant .avi.exe
Size	1.6MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1c67ca0cfb3d7d24beb532fc5eb7a515`
SHA1	`e0fdb55203a7d9ae4354d337ef60108a9b1f0c86`
SHA256	`5b610972de5344be9c60f7034b89e24c0e601ceb2b04984ec3e6ed4ded64b056`
CRC32	`A888FDD8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	193363b54d5fbc27_asian fucking girls .rar.exe
Filepath	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\asian fucking girls .rar.exe
Size	366.6KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`63bb4c7a7ea5a5afee8f45904af68c2e`
SHA1	`0e5289f7f537efe005d7402feccea0646fbd6a52`
SHA256	`193363b54d5fbc275412adb578fe3385a5973aa89c8831c47d550b324e9ad2e7`
CRC32	`C6C7D131`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5d9f87e14f1daf1e_asian hardcore lesbian (samantha,gina).mpeg.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\asian hardcore lesbian (Samantha,Gina).mpeg.exe
Size	219.0KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dbfbc389cffbad849b80961d09d0ceb5`
SHA1	`88350d7174fec4ddcb2df3f1f1c3a418174e98c0`
SHA256	`5d9f87e14f1daf1e609011ed839d53d01797b12fc66c198e5dc17375cf0e398e`
CRC32	`759BE9F9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	018b6c45bdd7d8fb_african gay beast big gorgeoushorny .zip.exe
Filepath	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\african gay beast big gorgeoushorny .zip.exe
Size	1.3MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c2e48229b89ae0c6f466308e2a623370`
SHA1	`069052e9cfa31379de8d6361617a217d8959a094`
SHA256	`018b6c45bdd7d8fba58b5b9292222499f0bf6df319fc26536522b59ce93dbbbd`
CRC32	`C3EA0742`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b433bfae2f56edf0_brasilian lingerie hardcore [free] mature .mpg.exe
Filepath	C:\Users\Public\Downloads\brasilian lingerie hardcore [free] mature .mpg.exe
Size	653.5KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`909f5f42e1b3cce3c70cf4a9adcff736`
SHA1	`e93bc11927d1e4d016c5a69fbb0d47816a451c95`
SHA256	`b433bfae2f56edf0d50428f37bcf2436ddaf139b2a1d9d00a4db9315af592cdb`
CRC32	`7C7D72B1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6189db24b98fdbd7_spanish kicking girls circumcision .mpeg.exe
Filepath	C:\Windows\security\templates\spanish kicking girls circumcision .mpeg.exe
Size	129.3KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`91d9a014e505f093ef601083484a0d98`
SHA1	`172429dcf8a5b871ced8e853006368f84d86a9e7`
SHA256	`6189db24b98fdbd72cbfff0ffd70a4b1cc2a311422dc899e2af7cc57066c6226`
CRC32	`43F07003`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2290e15cb47be2f9_spanish horse hidden .avi.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\spanish horse hidden .avi.exe
Size	876.1KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`793c6b84827610dad80351acd8ac36e1`
SHA1	`acf99500761810cbe2189386b9d5f0fbc1d8c013`
SHA256	`2290e15cb47be2f956d0868945715b23bc4e505b410347dbc29e7bd67dc4e94a`
CRC32	`08369EAF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2e9f47ff9a2e405e_russian sperm public .zip.exe
Filepath	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian sperm public .zip.exe
Size	685.5KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fa01e713ff55dee84b94bc5d292ad22d`
SHA1	`0019b62fa010f2e5db9c499f51b241584e1eeea6`
SHA256	`2e9f47ff9a2e405ef797ffe220efe8cde0613a2289395b6869363ac1ce36c3cd`
CRC32	`D3D1F729`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eacbe6065bc1298a_trambling animal hidden .mpeg.exe
Filepath	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling animal hidden .mpeg.exe
Size	1.3MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5d7673596648d9785fecfb1456d2dbbd`
SHA1	`189524d38f38c7f4c5ebee4c376faa19a0f7ddcb`
SHA256	`eacbe6065bc1298abb92aa3d1a3dc1c63cc0adba86db88bb98c9436bf7e5a89f`
CRC32	`EFAB7E2F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d33b7ce50cf36a62_spanish bukkake lesbian uncut .zip.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\spanish bukkake lesbian uncut .zip.exe
Size	251.8KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`96812610a69be4d9aa7cf422a79286bb`
SHA1	`d4f0d2daff3b3b4f6f4425af501aa94953015851`
SHA256	`d33b7ce50cf36a6292767ffe65696a06053fb3a895690ec0ab7e386faa618755`
CRC32	`9CB74161`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9289c67eed1aebf6_norwegian kicking licking .mpeg.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\norwegian kicking licking .mpeg.exe
Size	715.5KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`76dabed86fe9c3f4a0c8ea8a0a499bd7`
SHA1	`c87c31c32af41901bfd0627357cc6e3dc997f96d`
SHA256	`9289c67eed1aebf6f1a24232457670d8c3d096b44e8815540821f6ad48367e00`
CRC32	`E83A3F71`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b2d1b0f4f2e84415_african animal licking ash .zip.exe
Filepath	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\african animal licking ash .zip.exe
Size	631.9KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7b5add9615b6ec9c31e81f39a48bde63`
SHA1	`82fd7a82832d8a0965da66740af9c42a1a3e666b`
SHA256	`b2d1b0f4f2e84415e0e708955928096977cdad845ecaa7876c017e83c2f6ee70`
CRC32	`71ED6E2A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5dfddeed0e708ca0_asian horse lesbian hot (!) blondie (gina,sylvia).zip.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\asian horse lesbian hot (!) blondie (Gina,Sylvia).zip.exe
Size	284.8KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`249cc97039e8785ce0900fabbdb31639`
SHA1	`9c088d56d55b47f1853fb03f3ca30fdd10b23abf`
SHA256	`5dfddeed0e708ca0abdb77e8125d45ce1a1e8f8ad764dc1e9f4c247f29f89776`
CRC32	`166560AC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9bb41b002b2fb7f9_swedish blowjob kicking full movie hairy (christine).mpeg.exe
Filepath	C:\Windows\SysWOW64\FxsTmp\swedish blowjob kicking full movie hairy (Christine).mpeg.exe
Size	430.7KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eb617ba0c8e1f43236bab71a151ff0a8`
SHA1	`8b26a50cf4d4bec7816556f6886483cd818e99c8`
SHA256	`9bb41b002b2fb7f95335c2ac3c9736c15199d0ffb8e63c4cf78e71dc996bf12b`
CRC32	`68908A55`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	39c8df85628a5254_canadian kicking fetish hot (!) .mpg.exe
Filepath	C:\Windows\Temp\canadian kicking fetish hot (!) .mpg.exe
Size	1.4MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`934932f52453072802d293c2c9387796`
SHA1	`8d304f2a168307f89d7b0e2baf2b566fac1e248f`
SHA256	`39c8df85628a52548248ed29ede847dc3024ef52038feb4fe99270e25bf23ab6`
CRC32	`DD7C0A8E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	06f9427fa662d51d_black gang bang sleeping legs .mpeg.exe
Filepath	C:\ProgramData\Microsoft\Search\Data\Temp\black gang bang sleeping legs .mpeg.exe
Size	806.9KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c70a2856e29c8c7b0046e40714b05488`
SHA1	`f7b0d15452292dcfc9e9ebc55ba1daef7df22382`
SHA256	`06f9427fa662d51d848d68aab098486c0697ee4777ef0ec7e4489021d0aa7a2e`
CRC32	`2D9917A1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5bd3b5dc64766c0b_russian porn [bangbus] traffic (sarah).mpg.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\russian porn [bangbus] traffic (Sarah).mpg.exe
Size	1.1MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ce6ac0c7ea7b13e0a0a6eeff7e031977`
SHA1	`c37abe2be058820b659592e4f17ee9712cfae9fe`
SHA256	`5bd3b5dc64766c0b322b745d4d56776891273e447ceedd0c2a451edc83576012`
CRC32	`085A09DB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1c776c6f39fe5f13_german blowjob [free] .mpeg.exe
Filepath	C:\Users\Administrator\Downloads\german blowjob [free] .mpeg.exe
Size	305.1KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e35dea041c4b4626aed385ecccb793bc`
SHA1	`8812043187dbc1be1b72bea2ef2d33cbe52b7eef`
SHA256	`1c776c6f39fe5f134be876d6301455ce794d09168d2135f1bbc38743b9369ffe`
CRC32	`FEB2CAAD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	748fa45d33234489_beastiality nude hidden .mpg.exe
Filepath	C:\Windows\SysWOW64\FxsTmp\beastiality nude hidden .mpg.exe
Size	2.0MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a3869550062f5b6e7fce2f97e4c028b7`
SHA1	`1cd3b99bd249c35f79f975d048c3d7455bd2781a`
SHA256	`748fa45d33234489a3d32396529ac3e9b16dd358ec42599aa8fd55f131b5aa7e`
CRC32	`FD6E3A88`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8f800f8ff9360084_asian blowjob voyeur .zip.exe
Filepath	C:\ProgramData\Microsoft\RAC\Temp\asian blowjob voyeur .zip.exe
Size	786.3KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4bad0ebdf7386b2ae78486bbb4e81416`
SHA1	`18fae6deac1be95ed484d9c6129b615bdabe55cf`
SHA256	`8f800f8ff9360084576934125c390ccac89e9479361bb8f0f2d03ce7a5734039`
CRC32	`7AA88A14`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ebd32b4a024a2b8e_asian beastiality licking (karin,tatjana).avi.exe
Filepath	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian beastiality licking (Karin,Tatjana).avi.exe
Size	1.3MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d231f50e1f573d6ac801c7a5a9cd80ae`
SHA1	`39a33d4f69a023c86f4909ef0f2534342c089b37`
SHA256	`ebd32b4a024a2b8e4ea3d0c27519b5940517c8f072155f5c7eca40c56157a34b`
CRC32	`798739EF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1b5831464d16e355_handjob masturbation vagina redhair .avi.exe
Filepath	C:\ProgramData\Microsoft\RAC\Temp\handjob masturbation vagina redhair .avi.exe
Size	280.0KB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6c58579fb344b19143b91b98df5d1108`
SHA1	`833affaa4c0aacb9f7677e6ce4ebfaf13428f405`
SHA256	`1b5831464d16e3553ab7828d14d39eca335ec67e82870d0a7b74ee5b6f690371`
CRC32	`18AD5567`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b95154ee163a5846_american sperm hardcore [milf] granny (sandy).mpg.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\Downloads\american sperm hardcore [milf] granny (Sandy).mpg.exe
Size	1.8MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`583e96e819441ac934b02ecd3f8d671d`
SHA1	`37e27b1c8b5910bdca6d83e90385beaabbb24b0b`
SHA256	`b95154ee163a5846f384e4df79bb2f76d2b6729eb729fc874c0ebceec26c9279`
CRC32	`B8405094`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	df3f02a6bcb4991c_russian animal [milf] .avi.exe
Filepath	C:\Windows\System32\LogFiles\Fax\Incoming\russian animal [milf] .avi.exe
Size	1.3MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d2229c234b1f453a6d938c170f1e8008`
SHA1	`b3947a5cc901ad2c15c08e79e4cec4218ebe32b0`
SHA256	`df3f02a6bcb4991cc1f559238bb3a015a82750f83323d1f39827c1925188f651`
CRC32	`6680ABCA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eff3a8500d68b3c4_french animal fetish licking .zip.exe
Filepath	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\french animal fetish licking .zip.exe
Size	1.9MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fbf8bb36c188d6067fe5ac68f3f12d1f`
SHA1	`7bc70c9d5cbbbb8c2b0c6094997ba78df49207f8`
SHA256	`eff3a8500d68b3c4bf8009623b8dd1fb4a78e47d74d3d71c6eccb6fab1e871d1`
CRC32	`7DA7A001`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	78156d6324fa3bdb_spanish kicking hot (!) .rar.exe
Filepath	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish kicking hot (!) .rar.exe
Size	1.4MB
Processes	2236 (007f90f9f362810b45acd8e37b18dbbd1c1c91fdf27007aadb019adc4b7de02f.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`861ba92842ced4e37ff9aca5515d1903`
SHA1	`7af2addd2406d21d641c2f564be6fd8f804b82a2`
SHA256	`78156d6324fa3bdbfea36724c5517c86e484d087ce1f0521605ba2db27067d1f`
CRC32	`9BB4D2B7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.