SmartHawk

3.9

中危

64 个模型检测该样本为恶意！

重新分析

下载样本

0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1

0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe

分析耗时

268s

最近分析

384天前

文件大小

189.2KB

静态报毒动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WINSXSBOT 更多 WIN32 TROJAN WORM SFONE

DACN 0.14

FACILE 1.00

IMCLNet 0.71

MFGraph 0.00

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.06s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.03s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.71	Unknown	0.21s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Worm:Win32/Sfone.364	20190527	0.3.0.5
Avast	Win32:WormX-gen [Wrm]	20240327	23.9.8494.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (W)	20231026	1.0
Kingsoft	malware.kb.b.996	20230906	None
McAfee	GenericRXKN-BX!BFB55C4DB85A	20240326	6.0.6.653
Tencent	Worm.Win32.Agent.d	20240327	1.0.0.1

查询计算机名称 (6 个事件)

Time & API	Arguments	Status	Return
1727545358.32825 GetComputerNameA	computer_name: TU-PC	success	1
1727545358.34425 GetComputerNameA	computer_name: TU-PC	success	1
1727545358.34425 GetComputerNameA	computer_name: TU-PC	success	1
1727545358.35925 GetComputerNameW	computer_name: TU-PC	success	1
1727545360.62525 GetComputerNameA	computer_name: TU-PC	success	1
1727545360.65625 GetComputerNameA	computer_name: TU-PC	success	1

可执行文件包含未知的 PE 段名称，可能指示打包器（可能是误报） (4 个事件)

section	.jxmnr
section	.lpkez
section	.g
section	.d

在文件系统上创建可执行文件 (50 out of 77 个事件)

file	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\chinese fucking gay several models bondage .mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\japanese beast lesbian hot (!) lady (Sarah,Kathrin).avi.exe
file	C:\Users\Administrator\Downloads\handjob several models high heels .avi.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\trambling [bangbus] blondie .mpg.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian lingerie sperm girls legs .mpg.exe
file	C:\Users\Default\Downloads\italian handjob gay full movie (Kathrin,Ashley).rar.exe
file	C:\Users\tu\AppData\Local\Temp\asian handjob cum [bangbus] .mpg.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\kicking porn voyeur .zip.exe
file	C:\Windows\mssrv.exe
file	C:\Windows\Downloaded Program Files\chinese trambling lesbian .rar.exe
file	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\kicking sleeping .zip.exe
file	C:\Windows\ServiceProfiles\LocalService\Downloads\indian beastiality hidden sweet (Christine,Gina).mpeg.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\danish gang bang kicking [bangbus] .rar.exe
file	C:\Windows\SoftwareDistribution\Download\canadian trambling nude licking gorgeoushorny .avi.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\lingerie handjob hot (!) nipples black hairunshaved .rar.exe
file	C:\Windows\System32\config\systemprofile\animal uncut traffic .avi.exe
file	C:\Windows\PLA\Templates\african beast [bangbus] (Anniston,Liz).avi.exe
file	C:\Users\tu\Templates\british beast [bangbus] .rar.exe
file	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian fetish cum [free] stockings .mpeg.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia bukkake horse masturbation .avi.exe
file	C:\Program Files\Windows Journal\Templates\xxx animal big legs .rar.exe
file	C:\Windows\Temp\beastiality [free] .mpg.exe
file	C:\Windows\SysWOW64\config\systemprofile\italian horse lingerie girls .avi.exe
file	C:\Users\All Users\Microsoft\RAC\Temp\cumshot lesbian hidden .avi.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese cum cum uncut vagina .rar.exe
file	C:\ProgramData\Microsoft\Windows\Templates\bukkake beastiality hot (!) (Tatjana).mpg.exe
file	C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\kicking public castration .mpeg.exe
file	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian nude licking nipples shoes .avi.exe
file	C:\ProgramData\Microsoft\Network\Downloader\canadian trambling fetish voyeur (Sarah,Britney).avi.exe
file	C:\Users\All Users\Templates\gay full movie blondie (Britney).rar.exe
file	C:\360Downloads\tyrkish beastiality fucking uncut vagina bedroom .avi.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black sperm fucking hot (!) titts (Jenna).mpg.exe
file	C:\Windows\assembly\tmp\american lingerie uncut circumcision .mpeg.exe
file	C:\Users\All Users\Microsoft\Windows\Templates\canadian fetish uncut ash .rar.exe
file	C:\Windows\SysWOW64\FxsTmp\tyrkish nude licking titts sm (Samantha).mpeg.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american nude [milf] boobs bondage .mpg.exe
file	C:\ProgramData\Microsoft\RAC\Temp\canadian nude lesbian (Ashley).avi.exe
file	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\african handjob lesbian cock .rar.exe
file	C:\Windows\System32\IME\shared\sperm blowjob [free] hole boots .mpeg.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\animal sperm [milf] legs .avi.exe
file	C:\Users\Public\Downloads\gang bang sleeping vagina (Christine).avi.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\french beastiality beast full movie vagina redhair .avi.exe
file	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fetish masturbation (Sandy,Tatjana).avi.exe
file	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\norwegian horse beast [free] boobs shower .mpeg.exe
file	C:\Users\Administrator\Templates\porn [bangbus] .zip.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian blowjob lingerie voyeur cock castration (Janette,Jade).mpeg.exe
file	C:\ProgramData\Templates\cumshot several models gorgeoushorny .rar.exe
file	C:\Users\tu\AppData\Local\Temporary Internet Files\french handjob horse uncut circumcision .mpeg.exe
file	C:\Windows\SysWOW64\IME\shared\tyrkish lingerie fetish licking sm (Sonja,Jenna).mpg.exe
file	C:\Users\Administrator\AppData\Local\Temporary Internet Files\horse catfight titts sweet .avi.exe

将可执行文件投放到用户的 AppData 文件夹 (19 个事件)

file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\french handjob horse uncut circumcision .mpeg.exe
file	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\swedish porn horse big (Gina).avi.exe
file	C:\Users\Default\AppData\Local\Temp\indian kicking girls .rar.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\hardcore blowjob sleeping .zip.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\lingerie handjob hot (!) nipples black hairunshaved .rar.exe
file	C:\Users\Administrator\AppData\Local\Temp\handjob lesbian hairy (Sylvia,Ashley).zip.exe
file	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\british beast [bangbus] .rar.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\french animal [bangbus] upskirt .mpg.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse catfight titts sweet .avi.exe
file	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\kicking sleeping .zip.exe
file	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\handjob voyeur nipples (Janette,Curtney).avi.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\canadian nude hidden hotel .avi.exe
file	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\japanese beast lesbian hot (!) lady (Sarah,Kathrin).avi.exe
file	C:\Users\tu\AppData\Local\Temp\asian handjob cum [bangbus] .mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\porn [bangbus] .zip.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\kicking porn voyeur .zip.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia bukkake horse masturbation .avi.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\german horse big 50+ .avi.exe
file	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian lingerie sperm girls legs .mpg.exe

搜索运行中的进程，可能用于识别沙箱规避、代码注入或内存转储的进程 (3 个事件)

Time & API	Arguments	Status	Return
1727545331.43825 Process32NextW	snapshot_handle: 0x00000134 process_name: taskhost.exe process_identifier: 2340	success	1
1727545331.43825 Process32NextW	snapshot_handle: 0x00000134 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1784	success	1
1727545333.953125 Process32NextW	snapshot_handle: 0x00000118 process_name: is32bit.exe process_identifier: 1464	success	1

该二进制文件可能包含加密或压缩数据，表明使用了打包工具 (2 个事件)

section

{'name': 'UPX1', 'virtual_address': '0x00012000', 'virtual_size': '0x00009000', 'size_of_data': '0x00009200', 'entropy': 7.7228958156896965}

entropy

7.7228958156896965

description

发现高熵的节

entropy

0.32882882882882886

description

此PE文件的整体熵值较高

重复搜索未找到的进程，您可能希望在分析期间运行一个网络浏览器 (50 out of 174 个事件)

Time & API	Arguments	Status
1727545331.43825 Process32NextW	snapshot_handle: 0x00000134 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1784	failed
1727545333.89125 Process32NextW	snapshot_handle: 0x00000234 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 2656	failed
1727545336.10925 Process32NextW	snapshot_handle: 0x000002a4 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545338.10925 Process32NextW	snapshot_handle: 0x00000288 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545340.12525 Process32NextW	snapshot_handle: 0x00000278 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545342.14125 Process32NextW	snapshot_handle: 0x000002b4 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545344.15625 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545346.17225 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545348.17225 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545350.18825 Process32NextW	snapshot_handle: 0x000002b4 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545352.18825 Process32NextW	snapshot_handle: 0x000001ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545354.20325 Process32NextW	snapshot_handle: 0x000001ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545356.20325 Process32NextW	snapshot_handle: 0x000001ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545358.21925 Process32NextW	snapshot_handle: 0x00000278 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545360.21925 Process32NextW	snapshot_handle: 0x000002dc process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545362.21925 Process32NextW	snapshot_handle: 0x0000036c process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545364.21925 Process32NextW	snapshot_handle: 0x0000036c process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545366.21925 Process32NextW	snapshot_handle: 0x0000036c process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545368.21925 Process32NextW	snapshot_handle: 0x0000036c process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545370.21925 Process32NextW	snapshot_handle: 0x0000036c process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545372.21925 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545374.21925 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545376.21925 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545378.21925 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545380.21925 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545382.21925 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545384.21925 Process32NextW	snapshot_handle: 0x00000368 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545386.21925 Process32NextW	snapshot_handle: 0x00000368 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545388.23425 Process32NextW	snapshot_handle: 0x00000364 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545390.23425 Process32NextW	snapshot_handle: 0x000002a0 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545392.23425 Process32NextW	snapshot_handle: 0x000002a0 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545394.23425 Process32NextW	snapshot_handle: 0x000002a0 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545396.23425 Process32NextW	snapshot_handle: 0x000002a0 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545398.29725 Process32NextW	snapshot_handle: 0x00000364 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545400.29725 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545402.29725 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545404.29725 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545406.29725 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545408.29725 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545410.29725 Process32NextW	snapshot_handle: 0x000002ac process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545412.29725 Process32NextW	snapshot_handle: 0x000002a0 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545414.29725 Process32NextW	snapshot_handle: 0x000002a0 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545416.29725 Process32NextW	snapshot_handle: 0x00000368 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545418.29725 Process32NextW	snapshot_handle: 0x00000368 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545420.29725 Process32NextW	snapshot_handle: 0x00000288 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545422.29725 Process32NextW	snapshot_handle: 0x00000288 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545424.29725 Process32NextW	snapshot_handle: 0x00000288 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545426.29725 Process32NextW	snapshot_handle: 0x00000288 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545428.29725 Process32NextW	snapshot_handle: 0x00000288 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed
1727545430.29725 Process32NextW	snapshot_handle: 0x000001a4 process_name: 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe process_identifier: 1972	failed

可执行文件使用UPX压缩 (2 个事件)

section	UPX1				description	节名称指示UPX
section	UPX2				description	节名称指示UPX

与未执行 DNS 查询的主机进行通信 (10 个事件)

host	114.114.114.114
host	8.8.8.8
host	171.226.105.7
host	72.67.105.68
host	89.33.171.213
host	187.237.83.150
host	220.130.26.115
host	86.136.95.228
host	221.244.126.162
host	113.244.190.93

一个进程试图延迟分析任务。 (1 个事件)

description

0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe 试图睡眠 1239.584 秒，实际延迟分析时间 1239.584 秒

枚举服务，可能用于反虚拟化 (50 out of 9144 个事件)

Time & API	Arguments	Status
1727545329.40625 EnumServicesStatusA	service_handle: 0x0058ca88 service_type: 48 service_status: 1	failed
1727545329.40625 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.40625 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.40625 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.40625 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.42225 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.43825 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed
1727545329.45325 EnumServicesStatusA	service_handle: 0x0058cb00 service_type: 48 service_status: 1	failed

在 Windows 启动时自我安装以实现自动运行 (1 个事件)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32

reg_value

C:\Windows\mssrv.exe´µV´µHÂY4Ü´µV8VHÂYl[w`ÛXHÂYà8V8VXÙXHÂYèúVÍ°z8ûxÿÍ_w^%þÿÿÿz8[wr4[wXÙXnoPÙX0ü¿évVXÙXÃ@\ýÜÞXÙXØþâ@

创建已知的 WinSxsBot/Sfone Worm 文件、注册表项和/或互斥体 (1 个事件)

mutex

mutex666

生成一些 ICMP 流量

文件已被 VirusTotal 上 64 个反病毒引擎识别为恶意 (50 out of 64 个事件)

ALYac	Trojan.GenericKDZ.70387
APEX	Malicious
AVG	Win32:WormX-gen [Wrm]
Acronis	suspicious
AhnLab-V3	Worm/Win32.Agent.R336858
Alibaba	Worm:Win32/Sfone.364
Antiy-AVL	Worm/Win32.Agent
Arcabit	Trojan.Generic.D112F3
Avast	Win32:WormX-gen [Wrm]
Avira	TR/Dropper.Gen
BitDefender	Trojan.GenericKDZ.70387
BitDefenderTheta	AI:Packer.0DF171F61E
Bkav	W32.AIDetectMalware
CAT-QuickHeal	Worm.Sfone.S15766272
ClamAV	Win.Worm.SillyWNSE-7784290-0
CrowdStrike	win/malicious_confidence_100% (W)
Cybereason	malicious.db85a6
Cylance	unsafe
Cynet	Malicious (score: 100)
DeepInstinct	MALICIOUS
DrWeb	Win32.HLLW.Siggen.1607
ESET-NOD32	Win32/Agent.CP
Elastic	malicious (high confidence)
Emsisoft	Trojan.GenericKDZ.70387 (B)
F-Secure	Trojan.TR/Dropper.Gen
FireEye	Generic.mg.bfb55c4db85a673e
Fortinet	W32/Agent.6C6A!tr
GData	Win32.Trojan.PSE.MW8XOZ
Google	Detected
Gridinsoft	Trojan.Win32.Agent.oa!s1
Ikarus	Worm.Win32.Agent
Jiangmin	Worm.Agent.ws
K7AntiVirus	Trojan ( 0051918e1 )
K7GW	Trojan ( 0051918e1 )
Kaspersky	Worm.Win32.Agent.cp
Kingsoft	malware.kb.b.996
Lionic	Worm.Win32.Agent.tsjj
MAX	malware (ai score=100)
Malwarebytes	Generic.Malware.AI.DDS
MaxSecure	Trojan.Malware.300983.susgen
McAfee	GenericRXKN-BX!BFB55C4DB85A
MicroWorld-eScan	Trojan.GenericKDZ.70387
Microsoft	Worm:Win32/Sfone
NANO-Antivirus	Trojan.Win32.Wofith.hzygna
Panda	Trj/Genetic.gen
Rising	Worm.Agent!8.25 (TFE:1:EV1tbXRZcAI)
Sangfor	Trojan.Win32.Save.a
SentinelOne	Static AI - Malicious PE
Skyhigh	BehavesLike.Win32.Generic.cc
Sophos	W32/Sfone-A

288x288

224x224

192x192

160x160

128x128

96x96

64x64

32x32

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2006-03-03 01:50:37

PE Imphash

bc5994e55cbe4fadd0cc6ce15d753e0a

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.jxmnr	0x00001000	0x00011000	0x00011200	4.8945685549579565
UPX1	0x00012000	0x00009000	0x00009200	7.7228958156896965
UPX2	0x0001b000	0x00001000	0x00001200	0.7017545132594376
.lpkez	0x0001c000	0x00001000	0x00000200	3.9638687291035044
.g	0x0001d000	0x00001000	0x00000200	0.7979048049025844
.d	0x0001e000	0x00001000	0x00000200	3.985241329243797

Imports

Library ADVAPI32.dll:

• 0x41b08c RegCloseKey

Library KERNEL32.DLL:

• 0x41b094 LoadLibraryA

• 0x41b098 ExitProcess

• 0x41b09c GetProcAddress

• 0x41b0a0 VirtualProtect

Library MPR.dll:

• 0x41b0a8 WNetOpenEnumA

Library SHELL32.dll:

• 0x41b0b0 ShellExecuteA

Library USER32.dll:

• 0x41b0b8 EnumWindows

Library WS2_32.dll:

• 0x41b0c0 gethostbyaddr

->zU?C1.*ph
.jxmnr
.lpkez
MnwPGuK@A}
7{E^`N
jP}YoH3?
.3D wL
-@H]X?
Ur`qe!
m[FSR`$#y
a\e5co
=LKOtR
]Z R0Ge0
ggBR!'$(%duD'b
*i+h [h]
Qt@\ZDDGK
]I#[f!BTZ)=P1ZLM]\U\v+&+
;l?Y7cRf
^pS&_h4!&A9r
jXZGD;HT{
M)N^WMVh>d
XGwpM>;}H
!j.([xQ
%`]!*'W1
T.m1QGNm'
[X/>Y!
govNZ81
s)tIKt
`82p3Wi#\:
?t>Yoe2[R-I-(\
'MRr/ES
2fuv|r!l
> YV #
YN 5%vf+
@`>=j:<$f
|jW3?S]
^nTEJs
[RPk|.=}Qi$cyYL
.W\rz!(N.Ab!x<]
^'~?(#P
ou80y\\=
IT:b"L
o3RjC+MS
bpFhMV
mdxjSkVk
O!DH!w
a6wv)M1
BMT@y83tV,L
xUD;OvtW?
qw|0*aM
5;-bvI`
./ksF6x
}J@}Ylc`Y
DV4WEfH
["RN,vS>^6} N
)@>2La&->U
IYbI).A[o
)%cBp"
f1Y7RH
U!2[7|f
vNtc{y3\
W>qshVU
 7d"5Vwq'A
oaG,*
L1XGq6r6lZPc
T7YNI].-yB
p:AY8M
COtZq1
Aq#|EA
Inh[7P
";hTz7L
WF"!lO
A0Nc,c
CE}y`5VVQ
o:Y[J}:&gb
4^fd;y
XtnpiwP:g
:4n-G<
Z 1lOJ
fYYzFIcH z.
z=Z$7P
zBCAfP
%JPb"I/ww(
mt@=u#M'JTI
&X^IL=v"y
[7]ra,}5U
X\534V
,GrR>8g%C8
,BD4q#x
Yi\)~U
hwqE".
n-1#2 k
_Iw3N$
5J?c] ||3VzQKe]
^uKkSd)Y/g
 Wdt'h;
x~L`MOG)A)B
336P^\1~s\G
;M'pO3
tS3%2/z~e=HW\}
O-Wg9aK
3*+&)Um
wj)WU?0 
6gWjq<".
Gz1LGtx
0`t]lb\
-%V"wz}zg|D
r\lwGF2$n
,P<`.9
/(`_s4&&4Gecs
~aw%"VO2x<#*R/t1
B|qWre(4>'
!_nY1Jg0
fa>j!?
cI6a/p
V\f-1rJA
ZZrzM_AeI8y`
Z&BR@'
OCQ%oPRmGizKTG;mt0
BrauYlP
?:kRz'R'
j#??6Zp
),)HUl
:z"[r&B$
Q\8Gwm[v2djdyB
^b*)C?K^
F1ZW_-x
KembR+
:W,Y2E_
i1!2&z
e95/W@>
00L!=W0
?Q~BUQ7ZQ
^>9]nr
[V<m`~
=_U,h`>
'HBIY$6+28)5##1OXW
l/{Fku
pioJ%JS--J
;]N%+%
i>lyS
R:'9g g
AAI<[QNDGR
C0*::}<(VKS
#n1^PT
D?9sU)
~{m5-apB\J@l
*"'p5Z[_
^}b#w[
2}F#WIa
`ua8j-
yH=1qgzl
h3YE/8
AbJk6]
pJS?9:#f/
hhrolyfRoL#R6l7~O"
FGt3pYYs
qT;UA6
t&#~HgJt(}
g~G.gY
]+R$8"{
GQqp+4sCq
))Oq([iP
`$|.w;
i^Rr~q0?
&_r70#
1 Yf`@jANqF
^&yV4uSs
;Z.23)Jy)3%]FX
m8GktKuF))d
LQe1S*|
_+p Rsd
WXU:3by
Y5{=hWtBr
;X7@ZE<(w/A
G[h#>X
i7#Ozu
pEC"\)j<9jEz
_-hRB5
>MJ#z_0>z
'MdtE5
s1\%F}-YkH}y
yX9r/z
mt?[)m
.&Mw3O
uG32f]
7z5s).
.Uh;Q]
/Tpab1
!e^D"HyR
T&'`G
3mtWpS
1A`9"2
+ZqoP*
ED`#bJ<
^;<];y
4Y =@p[&7Y
_~sw6w)~ 
)WTo!~
KX/fn()6P[\
spTW|y
M1)ADB_uf`=zi
/{v.>mN
.EyY(PP
s>9yaY7eV1
5maiy/
B2yAiZ
!Z1'_:
 274bY}D2
5M}g$O
|wu47}Y
6n+xbJ
?~|2f+#fP\`M*YE
1gN0DN
k~82E#1
f~2`HrE5-
Z YhZu>u+\2o33&H
p]HY*An
|{R_8+
qM?yk:^3:Vsw4
Y'P `L>
np49unH,
GXjqo=\E
!sT)L uP8
!@m<|@Pu9S
-bBBFU
v[ncH3
Ok#)o),|
)O2=5Y_
_~8KNWN
9Mf;H5HYTH96
"[n3xQ(*z
6@TM26Uy
D+'^w}
LlTe[k(Q@|LLk
V/V>LR
21PA;63|
Is'(Ga
+E]at
mJSjCn
Wq5qPj!
M>$n1Q
Dm\[Kqq=
={ [),-
b9nbkejx"KQ2R&Z
[W"EosjM
8bfzyT
Kb'~c#aM
Fe]:CQ
8Z!Q7c
5NTl@P3
{:AV[L\k@7
Q(gFs#j
<'r(Uh/):|^o^
'{@K G
ELwt+t%
}40%yO
iow>M|c@d
aH_uI!
?UR1f~
WlhH4#l
;eS_*c9`%
Z#A"[yU]8&
>hJ(kk
[glE_YM<[
bfE5b5
k^}ExJHM
G|H,4>H=[C2xONI
6FA3;e
`:F2=.f~
Atc5/[n
|0~PCYAq
":hDF `=Mfl_B
vg^V7vg
vzg}&+_$%m/riv6
*B~%mt2#XU(
QK/*cF
/d:1N(mi*
`G{a|$pvs6C]
kMClJ)B
dFWu%eDVd0!Oug
ES[Lmy
Fw{AUSqu,OG
-M7@;)&F
D*[g9<)NSO
uw6&/3O
VO*E'|9>
E5_(Dy
-}#K5g
.l\9XX7
"g@|(QURTEL
(hXJUPEy#[
c"$alu
TT>z&;WUl
]Sn_sm(~dcYawm
f7`7%q)Os
UEqP&|*yDQ?fu|
RplX]P
Ab4uzHnL)D
ygJF6u
GgYJ|mP
 $yERJ@k
7W@_)s
B>Qf6oeP!
5,KwA`K
nJ_[zTz,B.W s&
='G$/V3:
d:R?6<q;
|t-WOO
H_*a6d
K d{ 5wqaq/
~Aa)}]Mp|Vl
7j6~"C
'P&{w2r4
<?-?1]
%!*>(E
A# uzUG
QLm,dn~Q
S^T*Br}6O4MTP
DP?%H6m#
cf8uT>-=`
CD]] 0
BUrX6QFK6
:=jyn[X
>qFD=IL3dA
%iYr;i`U
Bh.v<cssU
R hw'U
9(P&4)v
!XNOx!M7
2QBqm]]
w3Qp*]
&sqL/R
S4W2J{;%?[9
bykTb.
2A0dY.gMmj
`H?[Zw
/tl~|x
Cq*%0Zo 8F
an CnMUY
LgP)a:
ZEGd@L#
h!U)-9
L?LY#WMZ
mr+fr~
D1:|six*
\t~M22bPGq^T
S/:s}PB7~z_
K_vPa"
x\S%+\
Z>2l&O_
[&nA7|'I
&)/ GYwKYlw
L00JU;
dA1UvY
YHa.eKnd1O9
:K|sIAo
lO=qnS
VtxhZE
>7[Y:`7
ztd>;_
RU9~:T
/w-/Cu]O2Q
YH#K=81
l:.%J*
DsjpM!.:tw6N
;\LnM>f\
8u1| ['AAG^ lG
hE-rWc%
g'CuHB
4M# ?~XC
U'x`rTH^5
q6+iiNj
pu_FoO_)Z
!2Po8C\Bz"F!\O
(yTk,9Wb\R
`W *S>
/q&!dj6
1=g|Nr
9Vm"z^Ky
p:/e)M
,@.&#aZM
"3/"t,D
/2n@"x
sVr! N
:y8j/KM}
M9+v1U%
JkZ4JmN|Ue
lM00]T2#V
LmE]_OB
2i:~x0
yDS+Kr
";!)R}N
9_/G h$ |_jU%;r
V;9=W+Ng{
/l'RoXA~js8
qgQmt HAY*)I{$xN~
H`b8UvA9
9|~6^ZMR$y
]Q| ajP
U6/]$i
%ujTBG/`P
-T2?2=ZK; GE
>8<(6ag/ImQs
j}v@h'
Lkx:X1@\
,o'd]X
Org8Ap3
/8#nQ[
j.%eDk$o
?!5@2E
C+02cd
y0Go*=&aZ0m#
q&%C0z: 
Lf#A`Pw
0HmLtm
)yOS3d-<
X`SP$^
&H&#l@t7.dl0>
.O=I:"c
562:Qq
9F<(d<
s%249XA5`;
V2^'~c
5Wq Y'
5bcl8:z
~3-[8K\$c
@[H~0 }s
R2'X]J
$53Wws
D1e*xsE1;$5BP
Y_w{!
Tg<p>T)k
gX~@3Ne
wRIJNZ
F03EtToso2{p,GHa
1wCq%iz I|
P]he{Z
*sH)c#;e>=
Z8Es0/
,zMrV!?u
k#8"="
|S'hUe4> :
KnR%1z+Qy|_g
=d"I6* r"PJ}TI
$<"@>a
ae7\nVi
_o:Z4?
VPGF%Kg`QO
VtkV!*
+}-8h,A>Q
>M'q^c_0;m
Gd9{5j
+}p=P~@
;SOjkz
iI%&eXFshLr"
F=TE%/
.5M~uU^MU$c}k
syZ_7S+eDRtz
Urq-yzffhI/
:kOn[e)
p./mj&;y
crHy<o.
6/1ba>K
I\z^4tD`"aE9L
4Smlu+B+
J%G^>/7
yu`Rv!l9;
`'q%gCZf|
?FcMq.>a.7Ob/YkA
.sP)"BwL
&s$-`N
Ay>49T
4<>kW|_Q^F>
tZ[6`L}53_
Wq Ft~
Ai(r&)!=
u%trVjc1
3E,6Q\$7
tT}"<r
=9TW +qA
'(6FB6
N#MT"z4U
U> 6IK
%leb.W
IgXuQ$OiYq
m.'UM;oKnrP]
m%=,_/0:0C
yE~& .
Dj<@DZ#
:J]Rlg{Z
T=]14!@
VkkFT
Hw>95ve
('J%<s
Sk`LbpI./i
IWWUR34~-
M4KHJH
8Hxdtne%
~srH="=g
,+%>Y ^)YS-yz+
IL#s\x k
PDYC3\
T<c-6>L"}g}
8}!9Ea
5)R&+D
&O^8A_
,^_w\+#7I7
j@y%zLI4
iT,qlK
h~53FcX/ZQycp
~|(=z|
6Y-.qW
w4w3dw
(RI{a"j,Wa
*Nrp2#rQ~U
~ZI. ?x
"?RgLFrrMtBk2u
PPSBu%q
"AfT3S
cu=c.7[n
$M?vMe
+d!Y)B
6T7Ig(
jC7;I\
 oIV!Zd
<@D5\o/
6bg9Q1z
eZC}_%
Sy5jPAww+
k8^<z4R|PQ
8,AKO,
bhnt7i(}ENj
FON}t j.Vr]
]uZ'{gJ
+X_)xUf
e'9S]xwm:
LU`]i:'
6d:Z`
050ad+
./^0VKAI
cJlc^S:
Oh,>4!
Pg[@[Y7
-A&'\6xG&
P(}%Pw
rY,Pou:)7D9;OS
{E0yLKA^7+
I,}CE|y
>2w79.}8n{/q.
 2I/|n
d':%T%m%
r2!AMg
i^Q-KB#
+&0/"7dj
a,I&e7
V)q8h9
<rlJxL
uW^,75"lQcr@u
<$L"_*
,bRl<r]xP6hu#w
3djFy\
j"r9Q)]R5g}*]
<gN"I>]g
2dH!Xt,
zd'3CIeKg
f4oR&E^
f!"M.e0!2lq_%#0/"WE%$A'h.
I>cF?,
QNH/yJF3I
[@W*%6":}
qv;8X)-1gJ(
Zv$Lq$
5P7=CQG}
n6)v -
gj/.]VV'T;G
P>P!*z
&/"21J
1a#0:e:
W6u_G*
iH kjw
2)zjMeei
?hV*Z*
:sNmW
KC`ND^jo
(BA~U/Y/
4;9fLM"KlJ
.C(X-q
.xb``|-
C)KkoG
KA?a-v
|Jza|YP.%aS
LYA8nPOmK1<=
m>x2Bei
#iRi0*
C- 47h8;
$)w:A-^
F]/Up1
\J!_*hn,+cdt!'n
-IgX,~y^
WR{=loU
1>\C7C
eN!'0"n
q|>q+6
L3I#\FI
lK;e>ls]@w9mXe>~QF
i2:IB,: 
^ynh*b
?!?P7}
H*'td"V
-_IpV;
QA-WXql
$-E!Q@
awoBr\
Vl<5@@
VJv%$(h&L-7Lc
rS<bx,U
b3DlUF yT~
|L_web`Z
|=Kmxd
srVDoRi5y%X>1p-<x7~>feH
Ni$&IdB/n:
c&"!nOk
"jEmC!
x6DIYK%+
2E"8/"K"d=hx
)X"sD:cY?
FlP-HYJ
 5%Mzb0o
TF!!HKzN'
\.EGRO
IuwJXQ
7g39|v.~G
$1P9uFFSh1w
UWVS|$
t$dD$\
T$L1;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
9s#D$H
t".)D$H)
T$8L$PL$xf
D$\l$TD$X1|$`
D$`L$D
9s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\D
*BT$t1
l$8f))
D$T&))
T$TD$PT$PL$XL$Tl$\D$\l$X1|$`
9s/D$H
9s;D$H
t$(Nt$(uL$0
T$,|$`
l$$Ml$$uP
)D$H)
$L$ d$
p4$Ft$\tYL$
9l$\w_$
BD$tIt
GPGWHU
XPTPSWXaD$j
U%z?@e`@
ADVAPI32.dll
KERNEL32.DLL
MPR.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetOpenEnumA
ShellExecuteA
EnumWindows
Y<9O_V4#
,:@>" :I
7&)"DG5D
E+4,=CJ2:$@/">?<$D
@%0?&6
/ !%.
0!&'-'
D@>3(LM
C-B7?4
5)&5%L
>L%@J5
]]*-0S&
!0O h|
|(/.c;yT9'
(p&=y,\?
8\2H##
Y'K .O
%;._f*;_<
:[!>@'T
di07N?
w30{&eY<
"B0.r/
6#=x;$t*
5i%f2i
0 1h.!WNY<O
 8T2@/
*nf#H\
1!;Ni'};
`!?,U8
M}G7Ty
zCm8*$6E4
?Lu01>19&#<
;21&B[
/$1$3(
as2P?'u
1A~{2B0
Zp?2C
}a;A)c=g
'%4B>r
C/$.,#y6I
39>' U&{
1E=)0nC0$Ww
"gu=++
w50>Q0{
/eR?;c",<W2
jI,5"'
r!)/1'U&3|5X
N>UE8~0/&X
5@.4623
.{Z=l"=
/N1\l>
3'8Y5LJe
o$^'%-T~X
5&[U(*p<
,E.G2B3)E&a\
D5m1(@N
J,K,S$
$aK%0E?/N+
L/i*4d(\582?
L9{%f@5WY%S
c0n (=k
&8kH96(>Gn
eK:/T+
 ~."+1vEQL4p>.
|1v&=)N^2
]~L,q,qK4
%%qAX;4G
F/*#w"
~)Xz+}!.
7Z'f!%
!c"VL<7O'
8$).;*)
2@;)Q/
B%'w4th
Sq$n#4[?.
.[4:B5c?
kkr'*=#s8
6V0Em!j
x8Y.gw
Wf,^<Tf
6!i3};>
0'* cZ."NF?
q<+A::
/R;]W97p
L=TH-=
q!%/w*
#!{,U7
zj_-uz
!>Uc_Vz)5Pq
A?o1KA
OH"3*YI2l=
D-?&+.
r/.$7&.
C+${(Cj 5@,A
9a.8<
)ZF7$Q
>d=P?WRj
>)y8"o
8g)1;o(
2:>VFm.
aD?#/PV
;tX/=x
$5L{:j
.m|K:fR
B4Be"iG
|,'1sG
^\;M68(e
@,L%E_
s<0t(
k!7**<T
C[eC"c
s1a2Gq
w#8)t+
bPv<06&(j*
"~&Q0Og
9"?Jw8lv<+
#DN.9*
NrW3q6bs,9P
y:&d99:
s \#Mz
y,'I4'
Hj 73.}
<@e+@y
U+"Uz5-)@
4:QhC8
v7?:.q
|T#3v9'
F#n3/=
~C.-9o),7%
Yh?4$q
w$p4b 
)-tw+2u/
>'p-<13$+
$/&Sv,V@n0-
Z1KE!
4?5t<M
EQ<2*q`
[xT?rP
B7+'#.Z
GsR90><n
.g{(A/
(n@'{6
wQ6fa)=
x-5&,'iWM!],X>5|
_?)R7=p7
6y?:*]T
!j /=(
5x/zO)T
4T6OK/N,
R=4k8t
S)'ZK2o
8P$7V5&J
w+$`8GtH;B
.7N \/(
#I'+c,l
.Q1i`{=
3WV2:z
`: `2+
Ez7|!x+>VV
h3D~"}(
Q$%o+R
].92v317
7[/F=`Ip
(q7#F!O#
-#1!4F$]*")
Z:_1#+!U
"+ME8J&
Em%1$#o/
N3(q<3
L-C5Z[
V:?=a $
m28<@>fk3
+'*1EC]0>%4#!
xVL:=M9(
,+.2g}a n+>{
%QcV=T7/r?K
#=w'{
=]m$,(
v0D66t-uh&3+$
A$+x(
1?^'&6l!=oq
fI62<l4&`+0
g'4U1-SI
oZt3$$5Mh
(-%"2)+
H6[kP98Z
>h#?"
6H#{] 
|y7I9v
<21/l,
u.J5-,ir/n
c6(;:=3
+V>(=@
Y!D8$6 G$q
$NCY&
b!=_}0ll*x
w;;#m 0
c2.E=sI!f)
6<)2=:)n$w1(=
]X8x`=
i{]%Q=1H
,?:4K:~
/Q:&/+i
x;'/h!Q
2DI(#
9=mv,v*
55\8*~
al.?"!W
 L3`x?
\.-#o0
?$?j:;t
&^+~4Hu
J#+'2r/
{-$z$uvP
q y%&/z
!H'4,N
V>2oh+s*5
\% )N$
^/C~V''W#M,
<:Y&dH;
<C=h6;
1s02j&
=Q)s4R<~O
R."w7/63 (t
p~-i0%|?:
-H)p,/
(+gL,(CZ>
4"]d7 k+%F
s#:X> 9U\?)+
2e1!Oc
_&z<<U:,J64
M(X{g6U
VJA&si4
Pz8<3w
)#;yGC$
P*-a*^
BSc1)W} <+3b3H
8eV32A
r: .%~)
+]3;[j1*
#G9,=8CoY
,i9"0E
r;97/5&
))[1j=
5`.>'4n
V<_=$7M
#J:'>[
V2$^X;)`&
M cd..
'N%>+N20
485#W(
V>Q(:r4
zy<,z.9
55eF0AG
x7k6Ik;
~^+9:`##.?
NSQ:}*F'+
42F@1.$
UB_<,L"p$H@
PD\=MGH
_*u!R;x0
X}.tz609s>Ah
y&;"_9^
$$4$'@
C.a]m"
)i6d@b
&SbA M
[:{~>>
d*0bh 
;,n./#Ru=1
x>p[$%X?(
IB09(s#;l
B5,=|
G#9/3~
Z]4)7?
k8h795,'Fd;
Bo2"\f;,
5#,3+H/s,:+ 
g$&%M<\1
S'yN1A
#P)l;!Q,Z
L,-'P:.X%P
"87Kv3
0?%IGh
T>^w-aFu
@KS)C@
E~A5B>k
3(W'gP/du=%1A
2v7*~$p0Q..xup5{Ot-\3
x4g?,>b
M,&Dw,5e
/s5ykD34
Y6V>S1-n
-H_#3&N'
i"0Dz*My
8''!^T`-m
7k]<<Z0Q/
.}3-V#
+1j%$d
s\2i>a
w{q$:6E x
q-!" <
594'F3
!&dy#9:%;#Y
1Nj.}s
4y>,XA",
6/#?m-
$2Y43t
*_;+2R*
cJ#`$7,
0*MJ77"
C$$,<xK
0n+W,8$
au?$-0
)]z:v1
QD&,%y
D;;9-jo
>:U&2!
,b"!6"
%>)@<-t
W;z-('\a
'z/;41^
0*5Z6//H
Ba!%2ttP
ED$-'63[P"
+s3f'k
q,*io6*!
P9q0>13
{-% ]"wJ
(&:',#H
]S:Jy4WmN
"z)7=" `f
j<19Ti
5?d_-Q"<
c*u>z:24/8P
X15_(1
7,-+#
>MDW/&
dD*Ze )
9`2-N-
m3;9:n
/4tw$39N
f)K.S!?
7xC!L+
Q.0[7k
R&b<h
%pT"gT
k4F-7&bD\$~u1
.uw$T+N
'L4p=r2-s
)`r-D
=38)U'"28@7
XU/+'("''M
~ ?K?8H
't^3$[%
s/7o\>*
5&e[&)9
#?d^
SX$d~14S
Y+A9'm2<7
P.Q{w&2
3-#>=r{1
q4DZ,qx
6x3"h4
;r9k0
*}(A%~.
A$5Ofr:)
UQ-<d=y
H85*;&(#};
w-AG=s>+v
6k1)#k o
.'N2zv3
)<.%=Bk
KPY(.H6)
*7Gw4p
I1n8'VS
H$<$Tc&n
Tj5?"RpK0%~;
{T$F57O! b
jC,z56B(gV(|
"#Q$)m*0t
 .o/]<9
v%}59/]
T8$q6!
kL. 04
>u<&N>_K
/O2:0'
-C>r|#
48I9&B
"D!_8TF
[ DB:n[;
!3"+1`,
G,v! (5
;'i+4
448N`
o'<A9yj
:\f?.r
1'X5$p2
5$n4:*y
iM:Ou X
g'V#Tt
)l7;j=
z<\!"d4t2v
Qv.6=j
RJ#}3$
`0:"5/
HF$~$u?79
zW)U|#
0P"\{t
AD5-69P6
2{y #%
Aw&H%o
9+)2O?K
7s,!@9Z
*0^<@v(;
(,^<=+
BoA&Xe
R4Q!,!.
61W7j
=x"-1N+"
e** /w7
iO>pMT
=dl&8~+:
'T;s3;0&S*[
D.d1^i
[>F5)5f
}N(h5a8O
N:U5M4
:U9Q8NR/?
2h\.P
-O8V] 
8s"1U78^
3_:(Hg
S}D7Bp
@pf1m"*
8&:#a`@
>^-;6z2
$W4Z:f
>Iuj)LP
 c4R0(
gZ]2|eo
{yj) A i5 j
v]/'wD
.M-4_A'yE+h
[,-he*
=;v=H|
^v<7&B
'>q/-X1[9
*nQ&546w
Wu(d)}
s\,-:8|
G$[3D>
;U009v
C*x,0>qn
#U{6g 
!2'U37
C4'z~0
Yh/F@>
:oxV6
K=\&:@%
1.!7-$DS
B*(3"*
S>7a3-1N
>77Z+0[)_$^
@A;;G>d:E*54W7r
L+<J$c#0
Hb0t%6t
W")g\!
&,#/$#
s=|V!h
+*]0/?3p|
Td)lU*
7F}:U`
@"y5&u?$
>+. I
'k1} %
yk0fK#
(d&"f+h
K7{>j>@,WH7;(
&y*>S-G;,/
u8=:?,uW
25:<.{
"&|$49.
ld:zD1hI
4)Z.5J
4d+On?
y)`N,AP
'?Y_`*
8t<:ux*=!
$6g6ZE
"**SAI
;E6t{#
*T$.9:
BP(#Z0I
Ix)&2K
^MG2f
s6x-,64mY9
tkB2y
]{% !r*so7
?;O&wH5?\V
W87Rv8;x
Tor3g^
5f1=V1x
 m"&e(
x!&zU<Y
J/#o))
%?6d$2
<L3Y(2+Hm
ue'43C
/.333W0Zi
'<r=^}
?8+}U0
1&%N6<
el*Z:Wy
<-|'0(
+.=du:
},,9s %
1aC2"7)=z
-$?>?f-A
4Da(!0
e#`6A>
z7Q-!Z >
?5L+F4
k7{=yr5`1
U7#<:%@N.Aac$+
Kg,l<;HU
,~9iY,FG
`'8D +L|T,61
8.'`!B
*U5^a,q
([1g4*
=iMQ!
+O1V&xx
::\9{_
)5]X<TY4
E1"CJ<]W2
.+`i*,
359Fq!*HF
\#<)d9
,!e3+4
7bO:#'
;\=Z))
z48\=e
=Bj(S6
D29w4,m3
'5Y")d?0 
?)&ku#
6eh!AQ#d>[U-
g6<30}
'*3{0k
?&;4r/,
"Y7% }
Cr!Qgk"
<273-4x
|$9Ro*|x
U(`=0"2Y
<N:h>?
Y:X6!Nj#
u1Uh+#
;-!9L&!
(-cZ,r..w*+C4#p9"#6R
k98NV13
&l%$W<|
eW-$*<
>i9j?)wL
7d/>:Z 
5gC/D$
lS1/W~
y!;Sf3i
M;#0;#M
S6i+Y$7A>IF
B1}7'F5D738
^^w/C%
908,%2F,t'
*i_"ddZ
/1Lj;FE5r
1ePa$,s
+X0<]9
kZ!p?T,w
W=&{j#$
q4( C0;]3f0G$1.
O4 ?'C
}+C$re?
3IY+4|G
m{4HiU&
2N5%+-
a>!2"M
$k(8&W#+dp
J9c<y/<
#)&M&fvX=<(+L
/eI06J67-D
gd%Q7.!2"r26"
8IE.EX.1u"
f32.Fe4
>}_%DU2*
@a6+/Y)4"
R.^&Jn#
T ~E#2u
SI?S4V
u3(sFm
'cO1x^u
g,.d_>
3/]a',
,I9fd
 /:-6lR
}<?696hq22(N
9!-"Qv'
;q<,&a3
^5aK`"t#
yh6@*3zj
8bD,C6
"[S7)e;
|*kJ(33
gfc8R@
 >1C!5g
)5!>>Xy
-%pn#?
]n("Q>
d';;F2$L
J6{?g;-O4
0A@s0v+
1(*Z"$"Dz
^5_[5VM
J9;B:94C
,Z:' 7
- .Kq:B
Ij2!m?{
.!GY'<
4v2n;s 
@m"i#(3U.
f<xh% 8
|c;vK 
##4,,T
*W'~2yy:>u7
++10a=
!v'=O.h
!=*0-~0
'US4JU{
>VyL `
 _=2^Y7;
1/-<K`
tC3^oV`
~)#m..s0S+m
7*2)J(\
i,N=0?Y [V
W&T"<w
:&'vv
O #35|
2z'~<Y
}J5q?)
#P+-$=
R;{-/W
+9-ml#@
6S\`-B?
673)S)HB
Ya 6Mh
cqE2>(Y'
Y$I|.f'
e"{K.Rz
ut'S1w
4Q> !'
{2l<e&#
)&?F989
-/#8vy
n>+l,W,~("q
 _~)!28+
K3VH;Vse
h64:7G!
O+!17H
)3o2t
#6/='j')\$^
2&6R r
7Mj&8vr4K
x0S0'2;
o)<pI,'&U 
}+4"/"
n5Y\.s5@
.yw$e
/6Jr/I
+1!@ .x%:k$
9z3cL"j9wT;i+
i##e?^/:
-"nD\'{g9
-gj21G"
u,'06`/
m< \9
{.<+,D3
&)3:B*
l*$4-1q
#^b>HAk(
Z3cS+Z
"iy%a(&)
*!&!n*
q9EA7fO
'&6G0?g5w
3yX1jtU
2=n/O<Q"
{0b}M<A
&>P5a>/.\
4$+:gu3
zN 1AM%;3^)
VmN/o$}"
".Y?PF
<&#k6N?
=%iP9nA$
~>{+9x
!)C)b
hTL96l
t6-v)"_&
V &;(\9
v~-0r5/FM
Ud"D;2
&9uEX
h.ZY"z[>'/f
sB9b*-+}'
f5>l.O]7
j[;_7<i,
F3u~ J
-*+#HV+o)-2P
9g6M5^!)
ygL+Zt+%}
)w0@?aF
.Yf#=p1
507+*R!
kA.`9A
6S U.tV6+
6(>=J7
9p1$!q-S8gP16A
s>7/NI
Tz>937O&Zl
1`s/U/
~J?/BZ
qPZ.Nt<O~=
.3*!:u"b
#x'j[9-CS-zhP
A:\4)C
W&#jH>
P';2#H&
.'%o')
;vL"\m
E-f>#0
(m-ib6
$]$-$R"u*T
>?l)n
=5;~gB$
6lO(i4[
<62*Jp4O
 !#$bH;.|;
-\)2=8
K=uAy7I
%ycKk
>.ulE%
h#S/a}*
36.~$>
+l$t@)0+%L
N?Cq)@3)<!=
&g38-;
)42-1<Y
'{<n /W
- ,/>"i 
h#g0Zn>
;4!gd:
/l=`#q54|5Yd
2yB5L
(2NP:)'d
z2L>af9x
4*3$^WK%? H
hM"Rk;
7??.[a
r9tW"8
0g;8zS
{on>!<e/
,k2fRa8I;
k "r9
ju~;1a'
c#p,v>
FA7QNv"R
*r*hhm"
g%z>!B
78HjX+(
yM,t*l
2"d:L73F+
7CS++}
y2Zb#K
;l;dJ!GI;$A+
)=4&{@(;65h
k2*5&0
:7U#jB"f>?
gB='7i}% ^
P>;er<7QO8
<6iEv7Q4nO
:9"UA:
(<u9q6
?7D&u;0*
$_*q/`2<
 -[+4._|!2,
JW;F0-52
<%O$H/-
!#d+{:=j5A\-^PK3=V[6
A7/>-'$_
%4)w"L.3)ZI
+R$:O$
\9@M&6)t/'r
9wi'M2+"m
8,K,?13>IM
4CDB01
=#36"G
gr<>R"
L"9R,5
<5:*4;?p*}=/`W
l=%4L1/g
p<b8$o
W89+>pb
.2>_8'
'@1UF8
B;oD"J!'
NgF)?X9P+*f,&M
SF</X,8@q<#
7{%8#L5
Ls*dm(=
B"+O)X
w;Y<(p
=h7x7qF14
ha:-77
i-o,J,-
=}<2zt)k+
7\/u^!
X>& VU
u+P]0<J*
F>%%@2/
c/#!C&=ZcW
g,A)6.
(5't=<;
*VX0#B
B.G.)$rUQ4
-4&I_~
{m3x))`
?21;4gt
5?J&=9
J31-;R6v
<81n)Z
4V5#%/s&
<|=F5v/lT
|%-[0J>
i;3"9
^h^?83
8-C=CW
6)H#s:d$I%wK
\%9)F'
1.?9:m<
er:x?(nY
jv{8S7
=?0(PR
"u-0R'"t~6
&R}.q%vu9h D
XX$h%)
c,'ON4/J
?FW6~24Q
*}H<6./Uq
:468]%(b?n
z<g8%h
,3%$'9
O66z05
w'Z}?C
:ts'`2
B>&B4#l2
lc3>P!@+
0*)(XS
<l(&kZx
r/=<M<
Kp;!6&:'vC)A
*2@|.\P
0[c6x3
,T8$WP)0
pS>.jC+R0 
:h&@/<s
>QD(>(
&09OF
5!;z<?'
N/;L-2A-
Oq4lA=
Ov>s"#cf
4+%m ;Z
aT)wh9^k
)T*}*J_'p3xD9
<i?.4S
/B-[6'878E%4B
1KD9]"k%7\
;*K)7n}/_b*(i1;eg
7c$,?>E
xn>w!F
T\6=Ds9j
p#60vw
{&>6#2T`
3j57/z
`s q2s
XR(3x$[
%VI!T`
+Y"=9 0+4V
3A>^?@,18&^!'x
#)z67]=
;#O?+.
6vM>x`
S;/.C0?$<*S
g8K'H;p1si
y)nZ2W
L,8k!F0
+810 x=
'c:.X
v-,l %gx$
#K%8S<
ho,}S)
A]!?n5D
0-G=&+!=)
U=6Jru=
.:6r@=N\1
/-Z P{
^143~'
}&. -%
3)?&h<c(B
CH#E&1
_#[Ve3/3
==8A!'
#-$9#+
e>-t&x<1
,x%g)0r!
Ff=;Q?
RW#/52
!q<:=@
/}*O>U
9~6|p>r
7+N7!&)`Z
3\0 4!J.Y[
*qh>HW2A
E2oV!,VCm
R.X\b"_2
G-My93u
Sj.B<2
*$<!2k
6uR;&%
d'@6EX
(k6&D$e%<WT<0YJ
?I8+9i6
47s&&8
D-c0'\(1&
l$wdz"4>%
1>"??1:+:=T;1
xG:nR,>#
$ #RO|
k+3$-h
w:Y09&
\`07-(
 O&ye(
O4)m.]:
aiQA
.)@<*At1.
*\;+tj
k/p:@^
Bi1!8K
*5r;Z>-[#x
G7H@.(jDR8
>g4];,l
`$)HQ0
9,=(u>v5
?=Q+;1-FE
-H<r5u&K
JY>y;2
t1<)u9i?
*%>$Y+M,_&gy
)X}4*P
'L:^aR
G})[II!~
S-r>}1f.
*@Zv+?"#
3BP*`@
G7<O5s-)Z_
Q3`'h-(3w8{;,.6E.BZ
7e7dB5I
`2z%T%
q'B%|/I*-.
-/"/M$O>0&7
5d<Om5
C&8b.`
8v(d2=
;8s4&\
K:%@63=
.=i> -[
a;%'Lt
*-%|})F;
cE"yU4K
-m9ZX&C
:e)s"6
.k*m`>
+I0,B[,[7n
zW39:a
W5|Z e
1v0Q&H{7 
6q<6q3
5jc .5!
!I8G"~
764lJO
b[ u@&\
D,&U9g>}<-2J
h '3(n
26'*Xd
$'~<8Sao
@?I*Zz3<8h
e] f)c)1p
rA"E<_!"
g~/? *
1*<($>
#Q&v$(&
!+4|Y/
9F1{"U6]
Rx$;|%4&
5I.+(v;s%
?/?zEW
4Q8>$#
o{$72,_s
2F+#'O
6~7.Zc
m,5#@r'z
\95?:9.N
+CA0rP
8_&IB'
P;fS8%n
(0Rk5?Q<=#
E~3K.neN=x
)!1,.-
 ;"6M<}
=!}(N _,
%w(I<5
a-x51_4Jw
&#\H%V1
,W;)"21
'V$%8>4K
,+@>0:1S
Cr-.+9`
(cd*+aPWh
u3G?5f"
'q#=er0
xe)/+,
 t;w?
v9n2'{
O-:\/&.6
5).V(de7
3"=!RR2}
5;]x,-T
V0D+&J"v
:-+7/5
4/2<!j
-I!hq+
%*=!#N}/"
z_!"b<2^5}
1&?]=lIO 
G1*\0N&
V#@a3J
;Udc!~q
>e9tz$$
$^8+)
L??)+f
&( 1Ccz2r^42
df'@>s
s1KS?k
y7F?yS
-{P y1e~
]Q)?<R.&Q*
<(i(.R?~4KD
*5o^V?Ci
z*f5-kUm8
Ld-79V+&jX
8'=1^a,
%r'm6P
sS/d)(g1#0
/E /8;wl`<hG;bh'
ew15j*
R+^;R,
#/\/A:)#D 
r+9=:S
~p!5J 2
O1)/w7z%!;D+
!W&2]B.b
)L;s$!Jt)
)@K3$-td
n27:B"?m*Y
;!#5/.f
7]<#89$
:t0i%
6{+ (w-o#)
/&Qk0(
X=t7;F
?f35d;
~!3?94
h<8,Xr=
_X_:}9#"=
%lE%8F(!@!
)j'aX
3io),%(
1?S'^&1j
*h=d9l 4f
*&77j&BY
gP0{)([Q
i(/@>eis!.
,hl6&F
 i)YI*z'!)
-%}>E
(27",+
>}QoA
,uW,V 
<~*PB<u'\
S94G>b
n !<:M\5
%(Y(;I6
Kog3$u-+
3SQ!.|Z-
+8};4%D8_
${"6G/c
(F=i*tN9?g
&$-5a!=
i1a&<'"
39"KO<
=@$w#C>=W "D%
'=`>="
W9r#p]?I
S2!f5v/T
Af,/Z<vE0
.6?Vu:
4&NNM0_
'/$J[%}a>
*I.k)-E#
M&I??'
iV6)X-
32ZM7$>
 77`;BX$8q5
/%&P7&;I
*/mA:.Y
:$v#i:w
'np5e[E$r<d^#x46
E4R&t'|
_c(+t/!
5k<v
Dm#Ms4u?7}1/
NU#%hV{3\H
>~m'_{#y
b17.^Z
lGk8U$
O&G~?7y$
Y-=E1#s-.&
o$y6*_%
+7p3P\&
"t8%6E-u
#*)a'>
@=Pw(E}3
34@q"&z7
7!4*';b<8
c1$;G)Y
[k:].W/o7P)
cp.3&,
(*.@*D;s
S5-++L=K
j7+,:W$6o
(;& w).",g
dv<v#S
 <F;w1R/h1qz
<ru 9(
ZF4f: RM
psj*Q}
z<]gr~<-
 e8Us:@=O\
9%{<YY
s#Lk;55
M1P1>k
PA"=!L
 /$`<9
)jj;%b(
$>2Y,iLO/f
eM=|+D*[
(2Q&/R"3
l<q<O?n
$:d5%$6!
:~M2=)`
hs9qQ7
{!]@Ne
%3\kH:c<4JBj;U,5
OH1Y"5
a':9A2)
@/,$j(;
#U6^r K$r
*'R V
5<{K)k
:1Ug"C')
(gq<S|
.3)s39u
$=Gk)h
5!{<u(
6%1bF#6g>
F6A27/3
3'!c(/ `/
zA+}<o
YY)r'!N
<~v*of#J
V^-+8X
Ln[;Mc0M&"$
r#?7dI
\O2fL(S/@
)|00`-
,I%6iV
?e?-pL,h9?
F>b3>l
ps%7>d/
o'"'V/:,fJ
2>`=g83* l
{_-\(YE
4O9a9r.
9.+{:1&)M#
>B9)Sx,^0
KA-p&'
)q2$6%[
7%G,,'
6/*3@f48
ae$l!*>75Z
+I?g.+
5cs=/(W
&Q!97x
4=8"-R
?W:'7Ny
3e=`$o%F
UW!>K
*)20,l'?;~;q
34]14)_`
+M!er:AmQ
$;w70z
/K=&oi
Bfc93t+$4]0I7S4f51c
2.*'p7@!+
m77t/W
x~b{l5(+
3* 03V
Rn8.=~
&>x wg$
Q&]n4pl
6;'`V0
hT5V(~
D=#9/b'z
t./!6YF
{1$lEW3?}$1bz
oI62i/-J
tMU8oM
%^:bb&
X~6490
0;H 9\=
..dI=%9H"
}187?)?
I2]L!2ka(
%f83W'U/
cU)>B=g
B"%/j)1
R?J&x&
%pp3zB
!2v-/}>F*"4ML'|
:qp"bw6
D7~8"X5
6`>0!Z
Q0#V%&H
,ic.d9M#a>
0A?T?V
xT$$e!
tk8aC4rg
H?'w7^ "
+<d+c$
7h 7)|
BW(-+*(Q
.A1 Wh
*0i7(8({
xx51/2
8.:%8& z;<0=
hw!.3|y4B)"Yy"+
5G)P;T_0(i
8533#!q/
)h~=}*lE2??(
&-(<79'u<l=#
7>F;7-|b
4^Zj7K
 $S-N>X
>/:?3f5Z
z:<Z+^1
@$;/rT/
09K;6h!I:
}*7sPD
d3iQ*:e
, ob(63%g
;g1(Rg
3'p#&jH
(4z-:\
,]1FJ?]/1RJ Q#vz-
W[ I8b9
J]/o{;
i H}6;
z"-H8)>o,
 M C6F3a(B%6*j
K*;/@>7
*K(p584
A3-iO*d.
Qn+&(x
7s9&TIj)2s!iX
xvw^<]U
\4J*5Fl/(h%
62Xo!?
6NM*U0
 >-f5PNI;P
>$k20z/@
9n6V~r
Wp2S;
:~<<<Az!C
& ^83fz
0*=.%3xa
)288BGc
I>!yV5@2
R>O#<#
W+(O::
##fK E7
=6g>qK.x:
j9i180'[t
`>vt?{
RE+=Nh><_
+=])hM4
(%li(50'k$2
XB+O"!
z<++r$c2!X
$\(j:/4,;MRX
r-Cd`"@=^,
,jr;5u
6 4$rf.
0>O5)X
^1$.sc&
(+Eh)<
,Eh0;z
6:l?+&3:K.
<>'x:WlH1.8
?0=9_p
a(w3`~
|0jD7F[4\}0x(V>
n<q=X
y2w|,,vqX
}])b$7e=
/2-4RV
C3Sd=d&
;.1Vx3,
++1\='
>(7('G-CU{>|
H*D.^t1
7--"*)
*6t43K#L3[s#4
=[g*E)c7Zv"aA_
"6dT,34
 1"1#n
!6/<M<k
j)cq$n'
/@|4lv
r,3/(f8w={
i= 3=A
-2]6T(?#"A
3|=M1Kk:Ri
+%-|>/(X!~
!qf\0>q+9;<vn#
1~a? +
?l$5P(
]'X2(M3
l(;._h
&W33yz
m?t) )
kX#;*/'
:d%{g$<
8HN2e/0V:W8
,!,Q4i
6>c \
 X>#]6"g}:
&9>!X<A
,/*5u"
m=0FU0
#e'7L 
)%#083?i:0
q1i4o-G
 l(sv~
616G/k
(:5Y(z
4B3xNN81N-{
d~6W/.
s0>?]E
R3Y~<nc=!
'q=u%!
Zh.b#2
p$+/j;&ha$/(
&<72)U'N
G>Xr 1
$F4N7\|
y#4V^.K
.&'P()^
13c(j1|C6
3rz11*
25)Wp9
j*g>6A
4)j6;E*"Ev
,&1kzj
>^38Q,Qde7,bv
p^ /.6x
I3|Qv>
f%~?}$
)E~/?G N{{?~:
69o/%>r1
DO"o3D
?V $8%N/2J
z}()l 1
)Y 6I+
7&<u)*
/W;+t122c%j'.
L3H7 I
`5`V(9D5cG<)
'L?v.W_
b_$[X&8z/)
)/B?(z!!Y~
9$xX+cq6
t0:'2$
 hQ;/.$
S*2B$Q
k$?(_.>
7o4/-;
0;C)*8
0L+b9g
`9t:'C
M%V:a>
):$?-j
@fD9+"B8
t-k9&I2f6#= M+
[%+6iO
`4e4Z7
,?~D/o
6t+'h@
Z59:n=
/]3p(U
.+8F-BX
h0x&@?>F
:(Y2`A
2x,!]4b6$:a&
A2H2-a
 f1,+iv?%'%
*gS:k-s
B#Q)<SY
{#E=0?I,
R7n@;e],
)80yJ6>
gB/:A+
p(z)G?c
+f81((
Q_H7.5
~F<9J'
;<!F:bz6Y.1
4**.;=
V| m5-h
*b6';LH
t"%>5?
H!BP4t=M
ZY+&B
*_9^!)"&0v+c
(@#Wtj
i76fTX
w"x7:n:D
@1:Nd-
&)S&`()_,
vY`/.
b4(I;-=
 YD5"+B
j;C3z"\5
o0}%>h@
2*/y$8#Z*
4^=.P@<
`8!/X:&
^I?n+V`W
~/#G&>,
3P13.zs
"m#--Z9
I>zT\
*k-EF2J2/75C
>8)kO)
|+6-c],W
^Y%W. ['][{6jK'
8M/=+
9~"vV1e
DZ3S2)L
3<3}~)
'|:3C!Y]!9
*&?&=-
b]=1<~4
RH'\P0
P%<,#4
 uF"2'Olw
'h=C?36j
l7S7^Sn/*
=!d60W.
/f2 '?>>v##
&%hDY14
5Q(+}*
>]4=:h65
5l3YE)b
!Nq#-O9JF'O<
+`.&5%|
'o"[\%Bc
-SPN=n;3R
*+Y#Eg5tF< kqa1
8/4{,$f
,gV!ea
%y93*8?:?
7}!W7Yxv
=z$4j~3&1
5:vP3u
&+r( R3'nK
/rh4F%
W>h;9n
w6&{>Z.
\$o6u$
}0r$P75
40-7*/~
:+.5YR"N
0W>&2+_
<#>9W4
aDb5r7J7)0m
}<y`({-8
_2%+t+
 !E\n4^
j(R?5W.
:#6 .c5
5><we&jK7
,r7!+6
eV0 6K
Y8~')JK0
h+4s`5
m8P3?;*
C8c/ic
Hu"c0<ID
(cG4qd0
B'a-F/81{o
F )=,_y0
;**6#j
()kV07i
)!5Z"j(4b
>C+?0.
M;"bQU
*&X21N*+'l
o<"P7!
T.-%t2
?^=),!:4
:}!+`0$X
0yE8BZ
1])c6B
:K:,8Z+
.W+6.:'>4"ENg=j(s
<S4W,d
B1O8*(, k$
(b)Rd"1
g 4,Fk?s4
>*?hXz9q{
94g/`+
9]-|#;7
};f*z>
xE'_U6'2#|69I@<D
!m,8)O
5`7P'.
Z;3v0YJ
mR7\c41
MIe(Z,
*=gN1B
)@3>7;8
*_.  7{p_8<
6;%^d10c)1(,R
G=i-r7
(d:.It?
%T|2o%:
0.jr3aZ
L#>-{*>N(
!a922y>4
kD&O2<z
!=b$9A'`"#
X%"0/Kt<o~*62
0P3-W@
D"4s?*
Lf?-+_
3','L 
7nO5Hw';m
Z*%y^
.$[Og BD
#c6BF%7|c#
:w:!Q%9s
Ct)do!kFe
Nn7H$'
gA<(qK 
1R :20
t8n#@`' ^
w</5X-,^*
>$8>qz.P
5Q!vAh
5?]JU$
~KT,/4l
U+*d3J
 OSt0b?.oC
0)b#X)#=
IVH{/
?6?0Ht/KmK
ZF<!C#&I
)]:/%AH7fX
[=X)C1>(:E*
s$6:x'12nyU
Q!Tx>5
k>8 y&
+?;u=\
v>3,wM
]#r?jL
g(,&w<
N,g#,"%&X
~h$$z&3
Ot4lm
N4)?u7"e,
X.&u%3
4E*]!D
#h'5ah
y7g7!`>
YJ&AE8.
Ja-#@x$z
%k$@"8
($,b-<
ty1a9`h%W.o
(-;^;#g
L9\2m/B
iH0/0,S
"fT>:-7.x
6:{"<27
*)v0s-nVB7(
y~'>^4&g)
<|.v;8
qg;hl>.
l=';~
0E"j/#
4"X3(ap
9m)T9KI
%,0~8!N
+3<-<:2&1p>
$oa@,D
()o*t
VB '%f5C~
3:x1@0
r)*4P27a3D)
Xu((7
*/910P kX2
{n<?()W?
X0g%M#
+x2D=j?.@ [
=eP9('s K8
<z@s7?v
9 {'j=
//H3f:
%9V"%aq;%!
'>L43!J
*."C8s(Z(
8%%E$/~
nX?c^)"
=;-x#E1e{
2dC:I!7? (u0
|o!3pz=g
T*/#q$
< TW">;5
3)T9FB!0
o6l=qq
p4:h>"<`"!48-9!g%|i 
zU3_!9y
>w_'b\&&
L!+W(l
9g2(W5L%
pB &3C):
%.*mzu
8'(}nr3H
`"[,y<
10I3dx#GZ8
K>fK;gv
ic#n(W
etC$"59
Q3n=!6o6?)8
g'~+cp%wQj
">0(Z
)2?8"l<K
<7zZ3/R$
D+]Mv2g
O ()X.x
"JN>Yy
oD&46?
y:':P=D
24_T:j%
ryU?a^2$
C53Mh&1u<
K4%%Ld<l?3F.
;+?+9)K
%O^?/*G 
<a6{'$
;n'N''E
6,\-g<
1px;6T8<jM
I,}{62W
(ie#zg
y2HwhE
pC=;$2P
;-oj)@[:8
/H!:!(
H9!3E9<
1E"M9j8-sJP-:
=;;s!T6d
"#W>lq6#
,FH<56
V2h,J/M"-
7"< Nbr
?X4E::o_
@u<2xf
6\ -ud#
HG*5M1C
;^1;K'3!R
t-&A30
BN0v*3y#
Z!g"%A~6&5R
C65K'L
f$d(G"
S#?(9IE
=44l!i~
0I=n00b-e_8)U
!* /w.pB@(G:6q(
R4s< :
Ds)8)
89q$S=$`o
2e-0b
r9<t<
3<J|:;#WM;d&ub(\5Q 
<52"B15S
%:<8;q
>f~)7E? ?G+
6/%[(C,
(nal0E
#[c4,[U
dL14X\
0x+s#=m
i,"*,=Xm
&cJ,n>wU!
.1 b:C
T?$q>%
7FP&*.:9lJ<
z#:/@
%%)T f
e);b%!E
[0+y^X
+^#X%%3.44dH
.'%+,7^:
d<#G$@"b=k
Z&(#&00Y==I
{k#T64k
x<X8H9>T
DD>S0-W
m%/3[3'
? /4]*J
zA-5+$~mc8
,S+M!?V*
E$<Yf!
<< ~,>6
u8Z[-#9.
/#DK!E
+1]+6( C37L|
s0;)$^+cu
?A20xK<-
8E(=>)
'K:eJ q;
J; 0+.d)g-q.,
x:?-"L
p%+-49
!r<x>A$2
]N)R{M+Q
>c%.v)</-h
09!q%`
fd2_t&;3
v ,_B
';9>^]%y+#
***K(G
ZU*fo 
K=G&*m9~
0~4:s#xK
g7L#8k
8=K#:R
5?!zY*
Om4DG*7 }\
!%-%!N34+
41u9A
)%=~/b
=^"'/=F
so5@9D3M*BF'
.6*C [l;C.9!
r)k?)a*
0Bn>7I%t
3$O;<-
K9046{/
=>%8.+
RUx)=4TY.wY'
Q4+ ?7
GQ"-$9(,
?(C i7hcx
]*N8 `(9 
\'%e8=
#3<^2;
1(,9?Y
.+92pC<
|<(+rd
/;4@k&
<.v"e5n;X*[e.>
f6s!,dU1+=
H R;(1q
s(jq<A
';Q9"S@
](#>-;^
%R7`MU
e@;/e5)~
-,^!HR-
(0!5&P
Y!0A<8:o=
a!b(:_e
#HI+#?R(<ZE<
rP?Cg c
s(8Y K[
7E!.x%c9M6
7g1c>t
k,]3S$,6
O,!)K<U
[/I8?k;j 
g ;8;G)J6
7e.5:xl9I
`W;WK.(|F-
=n:n01
TK)}/ 
a<N80
Dr?+^
q"$9V8B
9"v Df
YS7o,*
UL*~9_
-=c]-}
_$+P=f
)98o!}
Ho"75*E2)9
<XC ct
8C~51 
[_\.0q
{Q2E*^
5G*9@::Z=g.x_
G%_"Hh,
4Z"Y?P
;"A+/nl
f7 *+>q]!z
l}4}}3J(-
v5).'H4
TN=XyQ
{,JQ/W
m;L%,3(
6&:=-)jtT\
:4Al$@
/a[*ui
~+6O+]_,F8
N'hw2~
3~87+5
X~95p1
G+J1v+Z<l8
K= aJ4$=
L`2,;4@rR
$|e$4I
K8Wj2I.
%,d)f,cO*Z: L0(Kn2e
0+8K"f
y,{a%.
,J1!d &
?n&189p4
|$xi5q
#D-Rv+L!Fu"9-
q'DN2>V;j 6p
!*$5->
=)$3\m;x
oqj:X([
m??O7J~
 Y9Y?`
==a!A>Y;P
^&'5=$?
:"L5S"x
<O5[R!c")K
;!'t>?
&0Cc1_
-$'<%Z0t
58*d^/
yu jn*F
,=\,,$
g5*;E*) 1n2

Process Tree

0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe (1784) "C:\Users\Administrator\AppData\Local\Temp\0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe"
- 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe (2656) "C:\Users\Administrator\AppData\Local\Temp\0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe"
- 0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe (1972) "C:\Users\Administrator\AppData\Local\Temp\0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe"

0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe, PID: 1784, Parent PID: 2264

default registry file network process services synchronisation iexplore office pdf

0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe, PID: 2656, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe, PID: 1972, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114
8.8.8.8
171.226.105.7
72.67.105.68
89.33.171.213
187.237.83.150
220.130.26.115
86.136.95.228
221.244.126.162
113.244.190.93

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255 A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
7.105.226.171.in-addr.arpa	PTR dynamic-ip-adsl.viettel.vn
68.105.67.72.in-addr.arpa	PTR static-72-67-105-68.lsanca.dsl-w.frontiernet.net
213.171.33.89.in-addr.arpa
232.236.47.237.in-addr.arpa
131.5.149.233.in-addr.arpa
9.95.188.231.in-addr.arpa
150.83.237.187.in-addr.arpa	PTR customer-187-237-83-150.uninet-ide.com.mx
115.26.130.220.in-addr.arpa	PTR 220-130-26-115.hinet-ip.hinet.net
228.95.136.86.in-addr.arpa	PTR host86-136-95-228.range86-136.btcentralplus.com
162.126.244.221.in-addr.arpa	PTR 221x244x126x162.ap221.ftth.ucom.ne.jp
93.190.244.113.in-addr.arpa
134.110.188.21.in-addr.arpa

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	61714	8.8.8.8	53
192.168.56.101	56933	8.8.8.8	53
192.168.56.101	138	192.168.56.255	138
192.168.56.101	58485	114.114.114.114	53
192.168.56.101	58485	8.8.8.8	53
192.168.56.101	57665	114.114.114.114	53
192.168.56.101	51758	114.114.114.114	53
192.168.56.101	51758	8.8.8.8	53
192.168.56.101	52215	8.8.8.8	53
192.168.56.101	62361	8.8.8.8	53
192.168.56.101	62361	114.114.114.114	53
192.168.56.101	137	89.33.171.213	137
192.168.56.101	58985	8.8.8.8	53
192.168.56.101	58624	224.0.0.252	5355
192.168.56.101	137	237.47.236.232	137
192.168.56.101	62044	8.8.8.8	53
192.168.56.101	60330	224.0.0.252	5355
192.168.56.101	137	233.149.5.131	137
192.168.56.101	61322	8.8.8.8	53
192.168.56.101	61322	114.114.114.114	53
192.168.56.101	55142	224.0.0.252	5355
192.168.56.101	137	231.188.95.9	137
192.168.56.101	56111	8.8.8.8	53
192.168.56.101	58005	8.8.8.8	53
192.168.56.101	64558	8.8.8.8	53
192.168.56.101	49986	8.8.8.8	53
192.168.56.101	65527	8.8.8.8	53
192.168.56.101	137	113.244.190.93	137
192.168.56.101	62324	8.8.8.8	53
192.168.56.101	62324	114.114.114.114	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

Source	Destination	ICMP Type
192.168.56.101	171.226.105.7	8
192.168.56.101	72.67.105.68	8
192.168.56.101	187.237.83.150	8
192.168.56.101	220.130.26.115	8
192.168.56.101	86.136.95.228	8
192.168.56.101	221.244.126.162	8

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	de045db3f1916bbb_brasilian trambling masturbation legs leather (jenna,britney).rar.exe
Filepath	C:\Windows\assembly\temp\brasilian trambling masturbation legs leather (Jenna,Britney).rar.exe
Size	146.9KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`933bbfea5f4806f2687b5f5104aa2186`
SHA1	`81820303cc6433cfa996dd833693423e564d4735`
SHA256	`de045db3f1916bbb0adc5c0ec2e236e7300ce6b1492cab833ede387193283f92`
CRC32	`17676F0B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	30639d2c93351a9f_danish gang bang kicking [bangbus] .rar.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\danish gang bang kicking [bangbus] .rar.exe
Size	1.6MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fd3ce6edb9da6af5438096d5be426ab3`
SHA1	`cd2d06e0dc9883e61cc06ab31f2588ce73ff187c`
SHA256	`30639d2c93351a9f07e36bc36e7224a78973e487024c28b701936d9370166063`
CRC32	`B3DAB11D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bb8ff18f277dec5d_french handjob horse uncut circumcision .mpeg.exe
Filepath	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\french handjob horse uncut circumcision .mpeg.exe
Size	2.0MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c212e1cf4b07313847a94026ce31fb91`
SHA1	`d67c26238f38ab1cd4721c6f395ee10722c19cbe`
SHA256	`bb8ff18f277dec5d6c11676a78ae0acadc27341d9252d957358008056cb89c9c`
CRC32	`B450EF36`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	45dd6f04dc8ea870_chinese fucking gay several models bondage .mpg.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\chinese fucking gay several models bondage .mpg.exe
Size	96.2KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`abfa4d7bfc8c183775e44e0026100251`
SHA1	`6ef165ff7d8d49eb49d21be01370eff837842012`
SHA256	`45dd6f04dc8ea8701c23d95a137b032b008ab8d53d5d3ddebd4e0c129e3aff4a`
CRC32	`AD639C51`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ecd5dff5f0274a2e_african cum voyeur bedroom (tatjana).avi.exe
Filepath	C:\ProgramData\Microsoft\Search\Data\Temp\african cum voyeur bedroom (Tatjana).avi.exe
Size	1.8MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2ad5f3d78afda58187df6a33c180eb29`
SHA1	`7c91b5b9ec80ad62fca24b2ea0a257322f4c3cac`
SHA256	`ecd5dff5f0274a2e7dd35d1e51902e83f791bd5ad825aca66643859d3ed5a88d`
CRC32	`67788549`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9813ac91e34f20c5_american nude [milf] boobs bondage .mpg.exe
Filepath	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american nude [milf] boobs bondage .mpg.exe
Size	2.0MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`af23cef05ea641da9cc5a1f68a4bd6a2`
SHA1	`2b26a9662ef7cde3e4f7a62cf32789f9accd4afb`
SHA256	`9813ac91e34f20c5fbf9aa3864272fcfd32bcc4ff38ae112c8ce16546792ab7e`
CRC32	`0AC97E1B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90cf4f6c15feab1a_animal uncut traffic .avi.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\animal uncut traffic .avi.exe
Size	647.8KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dfe75e89419c7a2020ea2dd49b94dbf1`
SHA1	`09e26f630eb809849d3735403d1c97a45b1c47f0`
SHA256	`90cf4f6c15feab1a6ff51d27e8188be4efa262c7210b04b59a139e7d4b32a1e6`
CRC32	`91A4DFDC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	25e3070d6d789308_blowjob horse hot (!) boobs sweet (jade).rar.exe
Filepath	C:\ProgramData\Microsoft\Search\Data\Temp\blowjob horse hot (!) boobs sweet (Jade).rar.exe
Size	323.2KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`689ad690d63d792aeb5d91703d356444`
SHA1	`c90414771bbdc1d7b15e88abd427c5757d522998`
SHA256	`25e3070d6d7893087915bfa6a8434156bf9bb1a4211c3cb4580d7f28dfd27c14`
CRC32	`9CC5D200`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	07bef6714721415c_swedish porn horse big (gina).avi.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\swedish porn horse big (Gina).avi.exe
Size	531.3KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5f5948df72ea698f82b4ba0f2f11d89a`
SHA1	`c29a37ea59c4c4baf155806a4a96c98c68903f17`
SHA256	`07bef6714721415c6251af111d746538dce63a4b6df49e9e119772fa5fafe023`
CRC32	`7B93B62F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3785fdd6d73eaaca_japanese cum cum uncut vagina .rar.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese cum cum uncut vagina .rar.exe
Size	1.4MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9c09e57b3300b3258c8c597d8a71916a`
SHA1	`585b4c744142490dbf8b01b91b8b60cc57e12232`
SHA256	`3785fdd6d73eaaca72534703cf38d4e5041b5af3d4c2189a7e2ea62dccecd9aa`
CRC32	`93F42A12`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1feeb2eaf9b5adb6_bukkake beastiality hot (!) (tatjana).mpg.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\bukkake beastiality hot (!) (Tatjana).mpg.exe
Size	476.1KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d0d2eeb519061e99d1ac9df37aff4d88`
SHA1	`0f264bfca1670ccc3ef8fa31f4fb9d0356940fca`
SHA256	`1feeb2eaf9b5adb635b623d608fd659b714f0dbc8742c66a2fafbfb6331931f7`
CRC32	`AE27FA51`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	343c7e52edda52e7_indian kicking girls .rar.exe
Filepath	C:\Users\Default\AppData\Local\Temp\indian kicking girls .rar.exe
Size	1.7MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e6ee7b268c63296aeeec1b5545f87c73`
SHA1	`741e89120ea91f9616245ce6a6b9caa8955d88d7`
SHA256	`343c7e52edda52e7bbf8945e0a4723444565761a396e605b59a16a2962079386`
CRC32	`D19DF59B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b26f744cfc9f673b_tyrkish lingerie fetish licking sm (sonja,jenna).mpg.exe
Filepath	C:\Windows\SysWOW64\IME\shared\tyrkish lingerie fetish licking sm (Sonja,Jenna).mpg.exe
Size	1.4MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5128741602d32c90dc687789efd121d6`
SHA1	`f664807b4987147c36eddb880e91b74541418280`
SHA256	`b26f744cfc9f673bdcd5fe4702daa84540c33e8018509a6b73ffa86a7ee064b6`
CRC32	`5E5452CB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b9054a55297d987c_indian beastiality hidden sweet (christine,gina).mpeg.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\Downloads\indian beastiality hidden sweet (Christine,Gina).mpeg.exe
Size	1.9MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7392be32c2f35a07ce87dd4a9c35ab33`
SHA1	`fcabbaea1f0895398e5c44d45e7a8a4941d8ab66`
SHA256	`b9054a55297d987c4eedc18db829f8df1b896f4551ab61fd671ffcc6fb4e7cb3`
CRC32	`A6EB9E81`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bb41302b86c76cb9_xxx animal big legs .rar.exe
Filepath	C:\Program Files\Windows Journal\Templates\xxx animal big legs .rar.exe
Size	1.8MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`178613d6cfd99a42598797322c71b13c`
SHA1	`18770b57b11910716a99f3b9c2200a292561c493`
SHA256	`bb41302b86c76cb9ac7d7b134b5b909727c713ca45d4c8cabe9c489cabf4abf6`
CRC32	`DF3A5393`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d658842880ccc227_japanese lingerie [bangbus] .mpeg.exe
Filepath	C:\Windows\security\templates\japanese lingerie [bangbus] .mpeg.exe
Size	2.0MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d32a46d4bc5d3a90f3f650ef4eef73bb`
SHA1	`157149748a4fb37c0b4d514d5dc70812bd6a8875`
SHA256	`d658842880ccc22795cd8fac2e7411f02bfa9e6a0b3de37837462824297b841d`
CRC32	`80698B8A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	542ae568be564970_african beast [bangbus] (anniston,liz).avi.exe
Filepath	C:\Windows\PLA\Templates\african beast [bangbus] (Anniston,Liz).avi.exe
Size	2.0MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`279ba312b02e64bbe1b9ea976cf72c42`
SHA1	`474561217e826c10c75d5aa3d76559dda5002a81`
SHA256	`542ae568be564970806827529e17903dd436666822c7de0c9da911bdd44562a8`
CRC32	`5AF76E55`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	84c30ff5b3bade76_hardcore blowjob sleeping .zip.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\hardcore blowjob sleeping .zip.exe
Size	1.8MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`93003e7db1f5cc2ad877375a468ad297`
SHA1	`27d1b5a69c67d3b8c5910b29cdaef254c6255cfc`
SHA256	`84c30ff5b3bade76f6fdd5b2f7c867a81e15422cdbc5a9b526ef4ac10d41577a`
CRC32	`88BB36B0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4c9079d15e8d096e_mssrv.exe
Filepath	C:\Windows\mssrv.exe
Size	1.4MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`578d1a9b7ec79f704d64d846f3c6978b`
SHA1	`33c122e10524aa338ce0190a5c8fcc552c46e1d1`
SHA256	`4c9079d15e8d096ef4f3f6357f057181a26064b933a20414887cb7e4bd1a880c`
CRC32	`344D5D70`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b48520eed84b34be_italian blowjob lingerie voyeur cock castration (janette,jade).mpeg.exe
Filepath	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian blowjob lingerie voyeur cock castration (Janette,Jade).mpeg.exe
Size	1.4MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`26cb087952c0adb4328dd42c9e62f86c`
SHA1	`ed144fc5af818619e6d7a7ee7a1d83ba9386d330`
SHA256	`b48520eed84b34be97b45f7a87a03ef75b58bc4ff2451fbe98d6678540b4afb2`
CRC32	`3D79FB2D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ad0583157616f656_italian nude licking nipples shoes .avi.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian nude licking nipples shoes .avi.exe
Size	1.4MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b38d8ff53cf70aae66f93a20ec3d405b`
SHA1	`e6505244f99680073286c268c78b02676aa155b4`
SHA256	`ad0583157616f6561c02ea8302d43d28f7dad10bece7de061fa0f3e26c2a325c`
CRC32	`7BE0DC67`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	291b20e35501f02e_lingerie handjob hot (!) nipples black hairunshaved .rar.exe
Filepath	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\lingerie handjob hot (!) nipples black hairunshaved .rar.exe
Size	103.0KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2d8181828c2f3f0407a301309bcf53a1`
SHA1	`aba096398141ca3728718e670ec817d46d50129c`
SHA256	`291b20e35501f02ee1bbe4ae34582efb9312fa8be4580ab4edbb90ee55d39cc0`
CRC32	`BF3FF4F5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23b43d3dd313a4d0_action big gorgeoushorny .mpeg.exe
Filepath	C:\Windows\System32\LogFiles\Fax\Incoming\action big gorgeoushorny .mpeg.exe
Size	1.1MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`be7485df80675c6ef898b6b850012584`
SHA1	`8afb69c7be50b21aa5c073a16f8f9b03315746e8`
SHA256	`23b43d3dd313a4d0b1b33eabde80834ecd09b6600a77b2f6a769e70d8fd8a3ba`
CRC32	`2831407E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	da2aef48e77f4ec9_lingerie nude catfight high heels .mpg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lingerie nude catfight high heels .mpg.exe
Size	385.7KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`07f1e788c432e704e8f0c36250e44bfa`
SHA1	`b528f3a1f521a216a00577428475d92735d71171`
SHA256	`da2aef48e77f4ec925c319f7e2ba9fd96ad33662cf5061afdea0a519a9023da7`
CRC32	`84351EE2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ab44dc4affa24436_italian fetish cum [free] stockings .mpeg.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian fetish cum [free] stockings .mpeg.exe
Size	798.7KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5a5af642761647ee61876f7b8e536ff9`
SHA1	`2feb8c97d0c27b95790c9fd7bb0bc39d43c9d7d9`
SHA256	`ab44dc4affa24436db97e0e87046b309d092dd20ce745f656842241777d9cc92`
CRC32	`E957E29F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e51a1799bfa96c36_trambling gang bang hidden cock .mpeg.exe
Filepath	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling gang bang hidden cock .mpeg.exe
Size	2.0MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2aaa17cec13a37132de39392273a0912`
SHA1	`7881ceff95f4bd363c5c39a0c4686205a67aed06`
SHA256	`e51a1799bfa96c36c887b3153be5c3a040ad0fbffe40c6824d80dea8855c7ec9`
CRC32	`D35DE516`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	00397e49d0b6ba43_action [milf] .mpg.exe
Filepath	C:\Windows\winsxs\InstallTemp\action [milf] .mpg.exe
Size	682.9KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2de8e5394c33d89acdf9d8747ada0d8c`
SHA1	`fbe2bb479ceea9a77056bee0cab411eea995742c`
SHA256	`00397e49d0b6ba43fcf379fc548ac422ea4282583f83e09fb9a137349cdac76c`
CRC32	`DF96BC14`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dd8724ba3a3452fe_handjob lesbian hairy (sylvia,ashley).zip.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\handjob lesbian hairy (Sylvia,Ashley).zip.exe
Size	1000.1KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7714701de40fab00233997a81a87c064`
SHA1	`d825a5aaafe460982ef9a12f6d67ddefc64afbae`
SHA256	`dd8724ba3a3452fe34a88bf0629f06a8e9e239e8d86c5cca9f75e5d3bf36a55b`
CRC32	`0CE3F4C4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a15be813e41f4074_canadian trambling fetish voyeur (sarah,britney).avi.exe
Filepath	C:\ProgramData\Microsoft\Network\Downloader\canadian trambling fetish voyeur (Sarah,Britney).avi.exe
Size	1.6MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`58bcc3bf8742d358e8428886fec1c98c`
SHA1	`1775bfbebad7551ba0dfe9467ac75bd1f1c59888`
SHA256	`a15be813e41f40740e3fbe7662d675a860c0962e3c7f15299afdf7d35671275e`
CRC32	`1E9B9423`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6055784d2913f41d_danish sperm lesbian voyeur sweet (sandy).mpg.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish sperm lesbian voyeur sweet (Sandy).mpg.exe
Size	1.3MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`50633a11ff95b1952f7da8dffe5d280a`
SHA1	`29930c06086775ae20a6ff108d1a5fdd0ae311f3`
SHA256	`6055784d2913f41dd8b5d98cb28ed0e87739130760ad8470f68d3e603b641c47`
CRC32	`01B0DF8E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	721b86813bb49392_british beast [bangbus] .rar.exe
Filepath	C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\british beast [bangbus] .rar.exe
Size	810.0KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dba2acb05317859a27c8db7ecbccec6c`
SHA1	`94c269f311dbf9218d18041f32668cfa102b5ac8`
SHA256	`721b86813bb493921bad48ecab9cbff01b74b1948848b3f083c8531612970c20`
CRC32	`8943AD70`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	176caab5e31546c5_french animal [bangbus] upskirt .mpg.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\french animal [bangbus] upskirt .mpg.exe
Size	510.3KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1274549f3d7b134e2e475222cacf211d`
SHA1	`6f713b58285c33c84caf592f699c1826e205fa88`
SHA256	`176caab5e31546c5b9ef31f09502c7d7ad4d1e63eeeea7f7675c716918992a03`
CRC32	`129594AC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3021f8056f060d4c_beastiality [free] .mpg.exe
Filepath	C:\Windows\Temp\beastiality [free] .mpg.exe
Size	692.2KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c126ff609083192335afe46bb7ce2f6c`
SHA1	`23bf323f7d27bcef3487eeada6124b1004160e44`
SHA256	`3021f8056f060d4cd37f03d88c00e38b94e15a1935492554e3fd2a8476634563`
CRC32	`47F564F5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6dc7578dad215ca8_horse catfight titts sweet .avi.exe
Filepath	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse catfight titts sweet .avi.exe
Size	95.0KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b042ad76e1ae6d240c097f0c8b78dd3e`
SHA1	`03a8c50129be80706a1909b89895f086cc963819`
SHA256	`6dc7578dad215ca80b68413634b154ca72902774692f23a9f30dddc16ec1f857`
CRC32	`810C8A68`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dab72951442a4f28_kicking public castration .mpeg.exe
Filepath	C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\kicking public castration .mpeg.exe
Size	790.8KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b925ac78e381ddf866fc339beb63a039`
SHA1	`8070bdcca3852926274455b962b349bc1ae46e9b`
SHA256	`dab72951442a4f284a8fe40dd7bcc5b789db3b781c31c54e5876f28d207d577e`
CRC32	`49AEB4D2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	16375af49e3dea72_french beastiality beast full movie vagina redhair .avi.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\french beastiality beast full movie vagina redhair .avi.exe
Size	813.9KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0466063f0ee46087f84366be665950e7`
SHA1	`b9f6755d532ab3f70b57ef6dd65379b5fc2296f6`
SHA256	`16375af49e3dea72cc0ffb8196012d23cf4f42ea5e5c7b553dd98514b00019e6`
CRC32	`844165DC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	84df62d6f18c580a_fetish masturbation (sandy,tatjana).avi.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fetish masturbation (Sandy,Tatjana).avi.exe
Size	1.9MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4314efd0f49f713b7d9f9f971c6aa1b9`
SHA1	`7fc0a69326145056d310128af306de9e076e1777`
SHA256	`84df62d6f18c580a2c2ba8a5ac4baaf8ef5b550754d81e34cd469463967be77d`
CRC32	`C0068BF1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2d2a1f815a6172cd_sperm hardcore [milf] circumcision (jade,karin).zip.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm hardcore [milf] circumcision (Jade,Karin).zip.exe
Size	414.4KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a9bcb16c88bf42670bdb7547cd7e315f`
SHA1	`c80556d2b05b4df54e78d928ee4eed246bdc4cb3`
SHA256	`2d2a1f815a6172cd62d32450022b8f50a0c2fe38efe3e257d5c38652b96b8029`
CRC32	`A012CC09`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ee3984cf1f99f43f_american gay horse big granny .zip.exe
Filepath	C:\Program Files\Windows Sidebar\Shared Gadgets\american gay horse big granny .zip.exe
Size	868.4KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`776351a3954b8ecb615797b98fb92088`
SHA1	`db5691c437f671450fd53790c1ec4609ffe2c0ce`
SHA256	`ee3984cf1f99f43febf9e8fa45e9db2c70104de08bef3328e958568713ab6922`
CRC32	`4BECFAAA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b0d95a5d4699a99d_debug.txt
Filepath	C:\debug.txt
Size	183.0B
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	ASCII text, with CRLF line terminators
MD5	`bfa82360d27a1653b7dbebc836b1ddd3`
SHA1	`e1125f249834aacdb71714b86c4dcd598c72f6ec`
SHA256	`b0d95a5d4699a99d16998e36b2842db9cff05c97f93254d6933e0f9867846802`
CRC32	`559DD234`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d819db882529b427_beastiality hot (!) upskirt .mpg.exe
Filepath	C:\Program Files\DVD Maker\Shared\beastiality hot (!) upskirt .mpg.exe
Size	785.7KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5c0ba360fa57c0e085526929bf77d387`
SHA1	`1b016f57f1461e7ba086dd70a23b992d1c2c6701`
SHA256	`d819db882529b427a1054851c40c998cc0f7f4dd347a276877c7ccb64b857774`
CRC32	`95016216`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37897f8eea5ff899_nude full movie black hairunshaved (jenna,liz).mpeg.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude full movie black hairunshaved (Jenna,Liz).mpeg.exe
Size	1.8MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0b879caf138f46ef6be6ec472b69cb32`
SHA1	`cb2ee53ea0e39f274460367e9a8249677d2f1917`
SHA256	`37897f8eea5ff8993ee3bbc50946b2ce826aef547c1911fd1e295a5412bb77f6`
CRC32	`136526F6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	83cf5b7be662de11_blowjob big cock .avi.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob big cock .avi.exe
Size	101.7KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1ca869bf0d95cf1849059005bce66e40`
SHA1	`7659efecdc3befe4549d5007d0e8dab6820c7eec`
SHA256	`83cf5b7be662de118b5c78ff481f8233068123141c078db05a7fb1293e373fb8`
CRC32	`97C8C225`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bf428f0269c8a322_kicking sleeping .zip.exe
Filepath	C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\kicking sleeping .zip.exe
Size	1004.5KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`83ca9e416aeac8267dd13057db9657f2`
SHA1	`89df312a2b1591bc7ccd76045791bf79f181f5a1`
SHA256	`bf428f0269c8a322166b4b92614e722248bfde8336fc86d309e67d40f64e6a5a`
CRC32	`A8B701A6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f685fb3c45fb7485_handjob voyeur nipples (janette,curtney).avi.exe
Filepath	C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\handjob voyeur nipples (Janette,Curtney).avi.exe
Size	620.8KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`87011c4abbce296ce21627ee7484a3de`
SHA1	`352eb3b1af6f490fac0f8ddb2029145cfe7f2fee`
SHA256	`f685fb3c45fb74855e50121e4a28ad993caa4c6106e057059318314233727f8a`
CRC32	`EA2B957B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c3f9aa0bbef509ec_black sperm fucking hot (!) titts (jenna).mpg.exe
Filepath	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black sperm fucking hot (!) titts (Jenna).mpg.exe
Size	188.1KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`12b95696033b459e879d8a1fc705cb75`
SHA1	`e861b8885e925a493be162ca9720f7168f39578d`
SHA256	`c3f9aa0bbef509ec372f0afd7a2c50542dc30652bed500a5569f66e0ec27fc51`
CRC32	`298C9176`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4626f8adf92fa1dd_italian handjob gay full movie (kathrin,ashley).rar.exe
Filepath	C:\Users\Default\Downloads\italian handjob gay full movie (Kathrin,Ashley).rar.exe
Size	442.4KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6f91fca97896112c7ea4c8fb84fdc08b`
SHA1	`43c2250401e6b57d843ff2328c9ce99026ae3a6f`
SHA256	`4626f8adf92fa1ddf90db28d015814799ad7b8e36d068aa1a49f64705b88195d`
CRC32	`9DA2AECF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4cd22826ab3ec5ed_canadian nude hidden hotel .avi.exe
Filepath	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\canadian nude hidden hotel .avi.exe
Size	1.1MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`264683382015431fe6ce5aeb50439b2a`
SHA1	`b683b29272334da9e4197a15dd8af4f1c37b45a0`
SHA256	`4cd22826ab3ec5ed9fdf8fd9d5413b07f2df36a0cf10b8c6b4ac9391e8ede96f`
CRC32	`6B14878C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9f05b17358cf948f_canadian trambling nude licking gorgeoushorny .avi.exe
Filepath	C:\Windows\SoftwareDistribution\Download\canadian trambling nude licking gorgeoushorny .avi.exe
Size	530.3KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5a1f107f62086130a46a3db9281a65dc`
SHA1	`2961e38701ea7c082201e8cb6d93cf7bdeacaea3`
SHA256	`9f05b17358cf948f388d7d45d3a6a1e590f46c1a8e8bc76bfa1a155560a089a2`
CRC32	`5EA4DDD1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a089af6154dacac9_japanese beast lesbian hot (!) lady (sarah,kathrin).avi.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\japanese beast lesbian hot (!) lady (Sarah,Kathrin).avi.exe
Size	1.5MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a09c6b3066cc91161ec37eb2da0ba0a0`
SHA1	`f75ba279579015dcccf9eb0545128329a6965dce`
SHA256	`a089af6154dacac97ccbf8fb61cd5e51a09e32f725742b41295fd76ce6232c85`
CRC32	`C37FFE76`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c860ee28b48a8b00_italian horse lingerie girls .avi.exe
Filepath	C:\Windows\SysWOW64\config\systemprofile\italian horse lingerie girls .avi.exe
Size	402.8KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9130933e534964621f9ac385d5ecc164`
SHA1	`d7fed2bde01e26a86d01bd6b8eb4f10db9dfeac9`
SHA256	`c860ee28b48a8b00433d86c6ea2ea8dbf00882dccfbce7f924de51254f896bfd`
CRC32	`7B083D57`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1429b50e2739d669_sperm blowjob [free] hole boots .mpeg.exe
Filepath	C:\Windows\SysWOW64\IME\shared\sperm blowjob [free] hole boots .mpeg.exe
Size	1.0MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b255feceb2674c5a59c8ed16a94f8fd7`
SHA1	`69891cc943bdca334ad330b59992e52eaee69e5a`
SHA256	`1429b50e2739d669e7b456f9a72ffed2ec0d8c2d8ad3eed6c095644d5cd62f0b`
CRC32	`743DF6CE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4cf93774c566d905_animal sperm [milf] legs .avi.exe
Filepath	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\animal sperm [milf] legs .avi.exe
Size	1.5MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5f619181e40ed157639d0212c257e23c`
SHA1	`756bb38dd2d31bf5245423d010f595f1016f16b9`
SHA256	`4cf93774c566d905dfaaf857a6ab307572ea28f6e0243ce07b59c7eb220abcab`
CRC32	`069781B2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	63357524e08d28dc_gang bang sleeping vagina (christine).avi.exe
Filepath	C:\Users\Public\Downloads\gang bang sleeping vagina (Christine).avi.exe
Size	454.9KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`301376dfd996858c4184645a19c589cc`
SHA1	`fbc41010e07b9346abe34d62ea58b3d85ac614f0`
SHA256	`63357524e08d28dc87190512c795338e31e37e1703edc2cc3abd63b7a2c6759f`
CRC32	`9F33B64A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	023c3a4d5ba2d96b_handjob several models high heels .avi.exe
Filepath	C:\Users\Administrator\Downloads\handjob several models high heels .avi.exe
Size	1.5MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`76e72a1ae55462e0cef8fd53e7bee34b`
SHA1	`9998eab168a90cb636fadecc814bb463644bbb59`
SHA256	`023c3a4d5ba2d96b925e626468d55c0f5289e16dd3dcc772fd7e1191ea5b9d47`
CRC32	`AF2327C5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8ced0b8b7ae73bc6_asian handjob cum [bangbus] .mpg.exe
Filepath	C:\Users\tu\AppData\Local\Temp\asian handjob cum [bangbus] .mpg.exe
Size	135.7KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`085000f69cec302e14d40628577312ed`
SHA1	`9abfcbacf3de14e4243ddd85ffd070cc59476f49`
SHA256	`8ced0b8b7ae73bc6071b929da8ff788ca7b70f462a0804c14d95dd794262607d`
CRC32	`F21EE920`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bac54f34a20f00ec_nude catfight .avi.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\nude catfight .avi.exe
Size	1.7MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`524b46d6bb1980130d7a630fbe59aa74`
SHA1	`c465c099c561dee9cd5baa3001ae81c62046bdcf`
SHA256	`bac54f34a20f00eccfed604d219719f714fe376115ace4724f237dcef8572251`
CRC32	`7F13D871`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ea8c895ef34f3c46_porn [bangbus] .zip.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\porn [bangbus] .zip.exe
Size	1.6MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c4493066df66ad31ba980085955e6c56`
SHA1	`fae54fc36074dba45c16fd8d31a16a4f98d744a6`
SHA256	`ea8c895ef34f3c4629c4690fb7d12d536e148436e7dcd8bb17438d387e5f21e6`
CRC32	`6B2A280A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	31c2237ec8c93302_trambling [bangbus] blondie .mpg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\trambling [bangbus] blondie .mpg.exe
Size	414.5KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`10837c0c8038b21ef86eceffd998ccf9`
SHA1	`651ffe679b34a54eec6a64693b47ed626d873ab8`
SHA256	`31c2237ec8c93302940a6e95ee7fe3d077f81ef5a92912ed5eb83b95c65e18ee`
CRC32	`5F31AEE2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4b47be5f0edc34ad_canadian nude lesbian (ashley).avi.exe
Filepath	C:\ProgramData\Microsoft\RAC\Temp\canadian nude lesbian (Ashley).avi.exe
Size	681.8KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f9d6bd2fd42d9c19be436ba8294d9608`
SHA1	`e098ceef742f0df0230bfd27bc4590ef66f91762`
SHA256	`4b47be5f0edc34ad3240a9a85799af466a35af032e39790648241ed52b2d64d9`
CRC32	`F4EDC36A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9f6168858600ca09_action licking ash .avi.exe
Filepath	C:\Windows\SysWOW64\FxsTmp\action licking ash .avi.exe
Size	1.8MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f53963ded7e6e906b2c9718b998d3f47`
SHA1	`461b55e19ae173d96de1fdbfb7be10b51a6ea317`
SHA256	`9f6168858600ca09f33410171a297e18064fd88a9fe9ea5a8603666ff7769932`
CRC32	`DDCD1352`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	df50c208108829b6_french trambling masturbation mistress (britney).avi.exe
Filepath	C:\Users\tu\Downloads\french trambling masturbation mistress (Britney).avi.exe
Size	1.9MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5b7d0d219a9ded96a9d7012c62eaf974`
SHA1	`d633790ee4c3e4dd9e5d43bb8ed8b0180c1c5a19`
SHA256	`df50c208108829b638f20e92bc9cbedff0baccb5b41b6b38e6d8de05f21fc967`
CRC32	`C364C1DD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b092cb1ccc7ab6ba_chinese trambling lesbian .rar.exe
Filepath	C:\Windows\Downloaded Program Files\chinese trambling lesbian .rar.exe
Size	401.1KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`87b622d991cef70413f995440d0c68ea`
SHA1	`f345fb3397eb3025b20ac75042f529f633b7e00f`
SHA256	`b092cb1ccc7ab6ba5e4c11baed74c5cff4236b5baa3dd1f6975b07a76499594f`
CRC32	`577EF9B2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	03a5932fdeb35c8c_african handjob lesbian cock .rar.exe
Filepath	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\african handjob lesbian cock .rar.exe
Size	419.8KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3a74b5d509c3adc6e6d89f2dbe28c828`
SHA1	`fabbf779cd340ecfcf497cf22565b2f552e07ea5`
SHA256	`03a5932fdeb35c8c75ec0db9f3bcd3b623d643ae910ac51a90e6591d6c19f30d`
CRC32	`355A6F03`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	71bb534eb311a9ff_american lingerie uncut circumcision .mpeg.exe
Filepath	C:\Windows\assembly\tmp\american lingerie uncut circumcision .mpeg.exe
Size	475.0KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3ed1a281727d1c25202a47bb708a07c9`
SHA1	`4bd975069ad99431ae65b84521f07f23b7b3f738`
SHA256	`71bb534eb311a9ffd4a4ab8ad4856323932273d34445f6b4fd7adb8dbb4bdfe7`
CRC32	`F7611EAF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cc8f4d94089e2c79_kicking porn voyeur .zip.exe
Filepath	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\kicking porn voyeur .zip.exe
Size	1.4MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f8087583a7d01a2ee2d9a1ff18cb22fb`
SHA1	`d9c4436d6a89d01109075fb03c7eb18a6cd52275`
SHA256	`cc8f4d94089e2c79233c5e4d19427acdda0db517906828f2ed10d762db4e91a5`
CRC32	`DDC2D143`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a8b417a0ed023403_tyrkish nude licking titts sm (samantha).mpeg.exe
Filepath	C:\Windows\SysWOW64\FxsTmp\tyrkish nude licking titts sm (Samantha).mpeg.exe
Size	105.8KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9dfb55c0c76be894db955fcb31b12449`
SHA1	`12b21528b555b20381e9e4ac2d8aee01ad4d5c9e`
SHA256	`a8b417a0ed0234032951808baef5b8737b56f062afdcd6e9db6891b3d30d8352`
CRC32	`91427353`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	237f7e4f7a8f4825_malaysia bukkake horse masturbation .avi.exe
Filepath	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia bukkake horse masturbation .avi.exe
Size	615.0KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2431e85296826e8a21713283d5fe540b`
SHA1	`b5db7ad49bb03ad6461f276b4e85458c8bb9e607`
SHA256	`237f7e4f7a8f48259cd7bd3ad32906653d539c32758a0edcb8d5ac21b5234d48`
CRC32	`03CED590`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	af0f082c0ef2bb28_german horse big 50+ .avi.exe
Filepath	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\german horse big 50+ .avi.exe
Size	656.4KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`39ab1a486b6187d040566b1cb3264f3e`
SHA1	`0be1bd65c40391069a0eb024f9ce98f5cb7f6f8a`
SHA256	`af0f082c0ef2bb280691564799de78c3e2760e066e1e159d98a443a59d64455d`
CRC32	`4B2524C0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dcf920ab0b4042e2_cumshot lesbian hidden .avi.exe
Filepath	C:\ProgramData\Microsoft\RAC\Temp\cumshot lesbian hidden .avi.exe
Size	1.1MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`db8c1336dffc7f4a0cc590032a6f9a7b`
SHA1	`05f01195c0fca43bd4de45246b0faeb09217742c`
SHA256	`dcf920ab0b4042e23b558e7d1863fa66811d41c71472f00ba41e48847fb08e62`
CRC32	`C630B1C4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	49363d0f0e8bded5_canadian fetish uncut ash .rar.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\canadian fetish uncut ash .rar.exe
Size	1.3MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`da8bc6e188c438807cd8ead180e8e367`
SHA1	`53094a259225f2ea2ba8f1d7fd655ba734099b11`
SHA256	`49363d0f0e8bded5ad23715f441bc623410b1a18a55252445a59dc7776cb16ae`
CRC32	`50EC1C75`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f92be64e78d82c74_chinese kicking voyeur blondie (anniston,sonja).rar.exe
Filepath	C:\ProgramData\Microsoft\Network\Downloader\chinese kicking voyeur blondie (Anniston,Sonja).rar.exe
Size	1.4MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4566b2e13ef927381a66b118694db1b0`
SHA1	`941d8dc6fd65a68e38348c34a762ea656e974108`
SHA256	`f92be64e78d82c74d35b460490052583d2a40faa7c79f36f1cc41951f38b07f2`
CRC32	`0934501C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a5b651e2e2552270_cumshot several models gorgeoushorny .rar.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\cumshot several models gorgeoushorny .rar.exe
Size	827.8KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ba395a4e0d8c5e183abbc7917c551b8e`
SHA1	`9b7b6ef39378d01906954605c8b5baaf3ea663a0`
SHA256	`a5b651e2e25522702333ff47996d7c79bdcb4741b741155a85fabfcf5d7c56d5`
CRC32	`380322CA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1db942be86f2079b_russian lingerie sperm girls legs .mpg.exe
Filepath	C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian lingerie sperm girls legs .mpg.exe
Size	345.6KB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`230ad87d8c84fa99b8cd04c139c67d16`
SHA1	`c27e5949067f6a756c3fc5c681aa5507786a0769`
SHA256	`1db942be86f2079b8659209ffe1c5ea6aaa67e156342fc7fad465d135f37c8b5`
CRC32	`1DE74DDF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	efadee46c7b944ba_norwegian horse beast [free] boobs shower .mpeg.exe
Filepath	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\norwegian horse beast [free] boobs shower .mpeg.exe
Size	1.9MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5b60f9d70df2c1b40a902adc42ebbccc`
SHA1	`76ee03195637e9d4d1f6f5e37f077ff548616c1d`
SHA256	`efadee46c7b944ba802b7c29165be1fd43189c2679ba9742fc2bd9469095a80d`
CRC32	`EE7C4B1B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	892d471964b33111_tyrkish beastiality fucking uncut vagina bedroom .avi.exe
Filepath	C:\360Downloads\tyrkish beastiality fucking uncut vagina bedroom .avi.exe
Size	1.1MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7c764d8772c559db9538989247270c97`
SHA1	`996e96b263b88c1ec9efbddacae6cd425fd0c532`
SHA256	`892d471964b33111e7a799aa54af0081755e4579d75b9626a6a5871f326eb1f7`
CRC32	`234BA6D9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3f6e8de026b3fb81_gay full movie blondie (britney).rar.exe
Filepath	C:\ProgramData\Microsoft\Windows\Templates\gay full movie blondie (Britney).rar.exe
Size	1.4MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fa24c9b672f5d18931ea8ffe90e8293f`
SHA1	`2bbb3a340e9cb7043370f0d4616219c32589376d`
SHA256	`3f6e8de026b3fb81ff38d5a37b34e70f6cbfb07fd823b416358ab879b9f80216`
CRC32	`FAE2D66D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1de569ffec97acec_malaysia xxx licking girly (anniston,anniston).mpg.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\malaysia xxx licking girly (Anniston,Anniston).mpg.exe
Size	1.3MB
Processes	1784 (0b242dfae07a28378ef00627a5da85cea610fd9939203f3d143823d2a26c4de1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`51a1a63765e9ed1dd61801b0150e087c`
SHA1	`2356f190051f298b29a3c577aaa3ce527c662014`
SHA256	`1de569ffec97acec9a9d47e0d1fb8155361ee5b4477ff4b11005dc1368160c8b`
CRC32	`FBA4289C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.