3.5
Medium risk

03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8

03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe

Analysis duration

74s

Last analyzed

384 days ago

File size

89.5KB
Static detection Dynamic detection CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WINSXSBOT WIN32 TROJAN WORM
Hawkeye engine
DACN 0.17
FACILE 1.00
IMCLNet 0.79
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba None 20190527 0.3.0.5
Avast Win32:Malware-gen 20200115 18.4.3895.0
Baidu Win32.Worm.Agent.fj 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200115 2013.8.14.323
McAfee W32/Generic.worm.f 20200115 6.0.6.653
Tencent Malware.Win32.Gencirc.10b07ba5 20200115 1.0.0.1
Static indicators
Queries the computer name (6 events)
Time API Arguments Status Return Repeated
1727545320.312375 GetComputerNameA computer_name: TU-PC success 1 0
1727545320.328375 GetComputerNameA computer_name: TU-PC success 1 0
1727545320.328375 GetComputerNameA computer_name: TU-PC success 1 0
1727545320.343375 GetComputerNameW computer_name: TU-PC success 1 0
1727545322.593375 GetComputerNameA computer_name: TU-PC success 1 0
1727545322.609375 GetComputerNameA computer_name: TU-PC success 1 0
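Behavioral verdict
Dynamic indicators
A process attempted to delay the analysis task. (1 event)
description 03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe attempted to sleep for 799.38 seconds; actual analysis delay was 799.38 seconds
Creates executable files on the filesystem (50 out of 75 events)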
Drops executables into the user's AppData folder (19 events)
The binary likely contains encrypted or compressed data, indicating the use of a packer (3 events)
section {'name': 'UPX1', 'virtual_address': '0x00012000', 'virtual_size': '0x0000a000', 'size_of_data': '0x00009200', 'entropy': 7.713058086740162} entropy 7.713058086740162 description A high-entropy section was found
section {'name': '.rsrc', 'virtual_address': '0x0001c000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001e00', 'entropy': 7.633918786630199} entropy 7.633918786630199 description A high-entropy section was found
entropy 1.0 description The overall entropy of this PE file is high
Repeatedly searches for a process that is not found; you may want to run a web browser during analysis (50 out of 111 events)
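The executable is compressed with UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with hosts for which no DNS query was performed (4 events)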
host 114.114.114.114
host 8.8.8.8
host 220.145.152.235
host 74.185.22.255
Enumerates services, possibly for anti-virtualization (50 out of 6096 events)
Installs itself to run automatically at Windows startup (1 event)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 reg_value C:\Windows\mssrv.exe
Creates known WinSxsBot/Sfone Worm files, registry keys and/or mutexes (1 event)
mutex mutex666
Generates some ICMP traffic
The file was identified as malicious by 60 antivirus engines on VirusTotal (50 out of 60 events)
ALYac Generic.Malware.SP!V!Pk!prn.BBABDCDC
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Generic.Malware.SP!V!Pk!prn.BBABDCDC
AhnLab-V3 Worm/Win32.Agent.R304664
Arcabit Generic.Malware.SP!V!Pk!prn.BBABDCDC
Avast Win32:Malware-gen
Avira TR/Dropper.Gen
Baidu Win32.Worm.Agent.fj
BitDefender Generic.Malware.SP!V!Pk!prn.BBABDCDC
BitDefenderTheta Gen:NN.ZexaF.34082.fmJfayAwqYb
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Worm.Agent
CMC Worm.Win32.Agent!O
ClamAV Win.Malware.Bbabdcdc-7358312-0
Comodo TrojWare.Win32.Trojan.XPACK.Gen@2ho5ur
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.0a32d3
Cylance Unsafe
Cyren W32/S-587afbdf!Eldorado
DrWeb Win32.HLLW.Siggen.1607
ESET-NOD32 Win32/Agent.CP
Emsisoft Generic.Malware.SP!V!Pk!prn.BBABDCDC (B)
Endgame malicious (high confidence)
F-Prot W32/S-587afbdf!Eldorado
F-Secure Trojan.TR/Dropper.Gen
FireEye Generic.mg.c670aff0a32d3526
Fortinet W32/Agent.CP!worm
GData Generic.Malware.SP!V!Pk!prn.BBABDCDC
Ikarus Trojan-Ransom.Win32.Birele
Invincea heuristic
Jiangmin Worm/Agent.ctm
K7AntiVirus Trojan ( 0051918e1 )
K7GW Trojan ( 0051918e1 )
Kaspersky Worm.Win32.Agent.cp
MAX malware (ai score=86)
Malwarebytes Worm.Agent.MSGR
MaxSecure Trojan.Malware.300983.susgen
McAfee W32/Generic.worm.f
McAfee-GW-Edition BehavesLike.Win32.Dropper.mc
MicroWorld-eScan Generic.Malware.SP!V!Pk!prn.BBABDCDC
Microsoft Trojan:Win32/Wacatac.D!ml
NANO-Antivirus Trojan.Win32.Agent.hakuu
Panda Generic Suspicious
Qihoo-360 HEUR/QVM18.1.93B9.Malware.Gen
Rising Worm.Agent!1.BDD2 (RDMK:cmRtazrbPdRtZzdDctOc02l21AwT)
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/Agent-AGQR
Runtime screenshots
No runtime screenshots available; the sample generated no screenshots while running

PE Compile Time

2006-03-03 01:50:37

PE Imphash

bc5994e55cbe4fadd0cc6ce15d753e0a

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00011000 0x00000000 0.0
UPX1 0x00012000 0x0000a000 0x00009200 7.713058086740162
.rsrc 0x0001c000 0x00002000 0x00001e00 7.633918786630199

Imports

Library ADVAPI32.dll:
0x41b08c RegCloseKey
Library KERNEL32.DLL:
0x41b094 LoadLibraryA
0x41b098 ExitProcess
0x41b09c GetProcAddress
0x41b0a0 VirtualProtect
Library MPR.dll:
0x41b0a8 WNetOpenEnumA
Library SHELL32.dll:
0x41b0b0 ShellExecuteA
Library USER32.dll:
0x41b0b8 EnumWindows
Library WS2_32.dll:
0x41b0c0 gethostbyaddr

L!This program cannot be run in DOS mode.
PEC2^O
MnwPGuK@A}
7{E^`N
jP}YoH3?
.3D wL
-@H]X?
Ur`qe!
m[FSR`$#y
a\e5co
=LKOtR
]Z R0Ge0
ggBR!'$(%duD'b
*i+h [h]
Qt@\ZDDGK
]I#[f!BTZ)=P1ZLM]\U\v+&+
;l?Y7cRf
^pS&_h4!&A9r
jXZGD;HT{
M)N^WMVh>d
XGwpM>;}H
!j.([xQ
%`]!*'W1
T.m1QGNm'
[X/>Y!
govNZ81
s)tIKt
`82p3Wi#\:
?t>Yoe2[R-I-(\
'MRr/ES
2fuv|r!l
> YV #
YN 5%vf+
@`>=j:<$f
|jW3?S]
^nTEJs
[RPk|.=}Qi$cyYL
.W\rz!(N.Ab!x<]
^'~?(#P
ou80y\\=
IT:b"L
o3RjC+MS
bpFhMV
mdxjSkVk
O!DH!w
a6wv)M1
BMT@y83tV,L
xUD;OvtW?
qw|0*aM
5;-bvI`
./ksF6x
}J@}Ylc`Y
DV4WEfH
["RN,vS>^6} N
)@>2La&->U
IYbI).A[o
)%cBp"
f1Y7RH
U!2[7|f
vNtc{y3\
W>qshVU
7d"5Vwq'A
oaG,*
L1XGq6r6lZPc
T7YNI].-yB
p:AY8M
COtZq1
Aq#|EA
Inh[7P
";hTz7L
WF"!lO
A0Nc,c
CE}y`5VVQ
o:Y[J}:&gb
4^fd;y
XtnpiwP:g
:4n-G<
Z 1lOJ
fYYzFIcH z.
z=Z$7P
zBCAfP
%JPb"I/ww(
mt@=u#M'JTI
&X^IL=v"y
[7]ra,}5U
X\534V
,GrR>8g%C8
,BD4q#x
Yi\)~U
hwqE".
n-1#2 k
_Iw3N$
5J?c] ||3VzQKe]
^uKkSd)Y/g
Wdt'h;
x~L`MOG)A)B
336P^\1~s\G
;M'pO3
tS3%2/z~e=HW\}
O-Wg9aK
3*+&)Um
wj)WU?0
6gWjq<".
Gz1LGtx
0`t]lb\
-%V"wz}zg|D
r\lwGF2$n
,P<`.9
/(`_s4&&4Gecs
~aw%"VO2x<#*R/t1
B|qWre(4>'
!_nY1Jg0
fa>j!?
cI6a/p
V\f-1rJA
ZZrzM_AeI8y`
Z&BR@'
OCQ%oPRmGizKTG;mt0
BrauYlP
?:kRz'R'
j#??6Zp
),)HUl
:z"[r&B$
Q\8Gwm[v2djdyB
^b*)C?K^
F1ZW_-x
KembR+
:W,Y2E_
i1!2&z
e95/W@>
00L!=W0
?Q~BUQ7ZQ
^>9]nr
[V<m`~
=_U,h`>
'HBIY$6+28)5##1OXW
l/{Fku
pioJ%JS--J
;]N%+%
i>lyS
R:'9g g
AAI<[QNDGR
C0*::}<(VKS
#n1^PT
D?9sU)
~{m5-apB\J@l
*"'p5Z[_
^}b#w[
2}F#WIa
`ua8j-
yH=1qgzl
h3YE/8
AbJk6]
pJS?9:#f/
hhrolyfRoL#R6l7~O"
FGt3pYYs
qT;UA6
t&#~HgJt(}
g~G.gY
]+R$8"{
GQqp+4sCq
))Oq([iP
`$|.w;
i^Rr~q0?
&_r70#
1 Yf`@jANqF
^&yV4uSs
;Z.23)Jy)3%]FX
m8GktKuF))d
LQe1S*|
_+p Rsd
WXU:3by
Y5{=hWtBr
;X7@ZE<(w/A
G[h#>X
i7#Ozu
pEC"\)j<9jEz
_-hRB5
>MJ#z_0>z
'MdtE5
s1\%F}-YkH}y
yX9r/z
mt?[)m
.&Mw3O
uG32f]
7z5s).
.Uh;Q]
/Tpab1
!e^D"HyR
T&'`G
3mtWpS
1A`9"2
+ZqoP*
ED`#bJ<
^;<];y
4Y =@p[&7Y
_~sw6w)~
)WTo!~
KX/fn()6P[\
spTW|y
M1)ADB_uf`=zi
/{v.>mN
.EyY(PP
s>9yaY7eV1
5maiy/
B2yAiZ
!Z1'_:
274bY}D2
5M}g$O
|wu47}Y
6n+xbJ
?~|2f+#fP\`M*YE
1gN0DN
k~82E#1
f~2`HrE5-
Z YhZu>u+\2o33&H
p]HY*An
|{R_8+
qM?yk:^3:Vsw4
Y'P `L>
np49unH,
GXjqo=\E
!sT)L uP8
!@m<|@Pu9S
-bBBFU
v[ncH3
Ok#)o),|
)O2=5Y_
_~8KNWN
9Mf;H5HYTH96
"[n3xQ(*z
6@TM26Uy
D+'^w}
LlTe[k(Q@|LLk
V/V>LR
21PA;63|
Is'(Ga
+E]at
mJSjCn
Wq5qPj!
M>$n1Q
Dm\[Kqq=
={ [),-
b9nbkejx"KQ2R&Z
[W"EosjM
8bfzyT
Kb'~c#aM
Fe]:CQ
8Z!Q7c
5NTl@P3
{:AV[L\k@7
Q(gFs#j
<'r(Uh/):|^o^
'{@K G
ELwt+t%
}40%yO
iow>M|c@d
aH_uI!
?UR1f~
WlhH4#l
;eS_*c9`%
Z#A"[yU]8&
>hJ(kk
[glE_YM<[
bfE5b5
k^}ExJHM
G|H,4>H=[C2xONI
6FA3;e
`:F2=.f~
Atc5/[n
|0~PCYAq
":hDF `=Mfl_B
vg^V7vg
vzg}&+_$%m/riv6
*B~%mt2#XU(
QK/*cF
/d:1N(mi*
`G{a|$pvs6C]
kMClJ)B
dFWu%eDVd0!Oug
ES[Lmy
Fw{AUSqu,OG
-M7@;)&F
D*[g9<)NSO
uw6&/3O
VO*E'|9>
E5_(Dy
-}#K5g
.l\9XX7
"g@|(QURTEL
(hXJUPEy#[
c"$alu
TT>z&;WUl
]Sn_sm(~dcYawm
f7`7%q)Os
UEqP&|*yDQ?fu|
RplX]P
Ab4uzHnL)D
ygJF6u
GgYJ|mP
$yERJ@k
7W@_)s
B>Qf6oeP!
5,KwA`K
nJ_[zTz,B.W s&
='G$/V3:
d:R?6<q;
|t-WOO
H_*a6d
K d{ 5wqaq/
~Aa)}]Mp|Vl
7j6~"C
'P&{w2r4
<?-?1]
%!*>(E
A# uzUG
QLm,dn~Q
S^T*Br}6O4MTP
DP?%H6m#
cf8uT>-=`
CD]] 0
BUrX6QFK6
:=jyn[X
>qFD=IL3dA
%iYr;i`U
Bh.v<cssU
R hw'U
9(P&4)v
!XNOx!M7
2QBqm]]
w3Qp*]
&sqL/R
S4W2J{;%?[9
bykTb.
2A0dY.gMmj
`H?[Zw
/tl~|x
Cq*%0Zo 8F
an CnMUY
LgP)a:
ZEGd@L#
h!U)-9
L?LY#WMZ
mr+fr~
D1:|six*
\t~M22bPGq^T
S/:s}PB7~z_
K_vPa"
x\S%+\
Z>2l&O_
[&nA7|'I
&)/ GYwKYlw
L00JU;
dA1UvY
YHa.eKnd1O9
:K|sIAo
lO=qnS
VtxhZE
>7[Y:`7
ztd>;_
RU9~:T
/w-/Cu]O2Q
YH#K=81
l:.%J*
DsjpM!.:tw6N
;\LnM>f\
8u1| ['AAG^ lG
hE-rWc%
g'CuHB
4M# ?~XC
U'x`rTH^5
q6+iiNj
pu_FoO_)Z
!2Po8C\Bz"F!\O
(yTk,9Wb\R
`W *S>
/q&!dj6
1=g|Nr
9Vm"z^Ky
p:/e)M
,@.&#aZM
"3/"t,D
/2n@"x
sVr! N
:y8j/KM}
M9+v1U%
JkZ4JmN|Ue
ADVAPI32.dll
KERNEL32.DLL
MPR.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetOpenEnumA
ShellExecuteA
EnumWindows
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Process Tree


03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe, PID: 2112, Parent PID: 2336


03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe, PID: 1156, Parent PID: 2112


03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe, PID: 2492, Parent PID: 2112


03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe, PID: 1472, Parent PID: 1156


TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53
192.168.56.101 57665 114.114.114.114 53
192.168.56.101 57665 8.8.8.8 53
192.168.56.101 137 10.136.166.172 137
192.168.56.101 51758 114.114.114.114 53
192.168.56.101 51758 8.8.8.8 53
192.168.56.101 52215 8.8.8.8 53
192.168.56.101 62361 114.114.114.114 53
192.168.56.101 62361 8.8.8.8 53
192.168.56.101 137 74.185.22.255 137

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

Source Destination ICMP Type Data
192.168.56.101 220.145.152.235 8

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name e95b58e894085623_spanish gang bang uncut .mpeg.exe
Filepath C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\spanish gang bang uncut .mpeg.exe
Size 1.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 4035cad2521593d6ee6abc511794f6a1
SHA1 5dc85dff3b2a12411bc4449b2e17cd63b466091c
SHA256 e95b58e894085623882abcc10162a48bfae01d9b4383154f3b8bfef5cb5fc1dd
CRC32 CEE1F0D1
ssdeep None
Yara None matched
Name 82f600291a851700_beast full movie vagina 40+ .mpg.exe
Filepath C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast full movie vagina 40+ .mpg.exe
Size 220.5KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 ad5a6fe503de5e2195825ab4877cfb46
SHA1 1666486f04bdaacc2a2b4a98abb0bde2bc0e1179
SHA256 82f600291a851700bcc4c26798b45209afb9ebd3a8fd17382c4a059abfadeeb8
CRC32 06C08D9C
ssdeep None
Yara None matched
Name be03687cd9be82c6_african sperm porn lesbian .avi.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\african sperm porn lesbian .avi.exe
Size 1.2MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 03b7812af53b07fcc4d483898e4bd767
SHA1 e9eeb328d0cd00b2900fe251cb34900aaf7c6c89
SHA256 be03687cd9be82c61ca4804a453079040e2fc1be40c9327d18ab027605ea3a75
CRC32 3BBC98FA
ssdeep None
Yara None matched
Name c5a0d58151d3cfae_blowjob cum lesbian .rar.exe
Filepath C:\ProgramData\Microsoft\RAC\Temp\blowjob cum lesbian .rar.exe
Size 1.0MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 ccdb276e773e2d985352c45113d8b0d8
SHA1 6d3dad431688a8c7594a655d75f4ea1d0a77f171
SHA256 c5a0d58151d3cfae3ad63b034ff35e1b8de521de34ff2fe564776b3babd6efe9
CRC32 48F170EA
ssdeep None
Yara None matched
Name 4c2dec6bdfe68189_cumshot fetish several models (liz).zip.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\cumshot fetish several models (Liz).zip.exe
Size 384.8KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 5e7b2e5043b453d395fe346f3e247755
SHA1 4ec17d106ef5cf92134ab6edee012e33d92b0397
SHA256 4c2dec6bdfe681896ff1c9ef6c852c738012f6955856032438b8886ae3119816
CRC32 43EB8064
ssdeep None
Yara None matched
Name 9a2a892e39c1d81f_african cumshot bukkake big glans latex .avi.exe
Filepath C:\Windows\SysWOW64\FxsTmp\african cumshot bukkake big glans latex .avi.exe
Size 2.0MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 c4e793d2bcfe57b49856ea06d9ceffa6
SHA1 b50bfa25786452b8ade62d8600d79d0d67f8c078
SHA256 9a2a892e39c1d81f732cbb88ab5391210228475084b38657cdea39c41e8dd445
CRC32 913DD814
ssdeep None
Yara None matched
Name 4900e5fa1fe94468_black lesbian horse public vagina 40+ .mpeg.exe
Filepath C:\Users\Default\AppData\Local\Temp\black lesbian horse public vagina 40+ .mpeg.exe
Size 1.6MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 5f0a0b7efcdc9c07baf07267ebaa02a7
SHA1 a42af49bc77dba572c30b71a15a277211cc49c29
SHA256 4900e5fa1fe94468f5277ef624d6a1c35bde6216d150819cb167dbcc8168f5c8
CRC32 3BD496AB
ssdeep None
Yara None matched
Name 4fa48b8dde0b0ae6_russian sperm [milf] .mpg.exe
Filepath C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\russian sperm [milf] .mpg.exe
Size 1.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 606c51884afa5d7ab57455b927f6a72f
SHA1 43147f6f8f89ca13950fea4493c2390a20525dd2
SHA256 4fa48b8dde0b0ae60633f44ad805bf3f3f904788663736dd6c476216d9d66f6f
CRC32 9A055D20
ssdeep None
Yara None matched
Name 725d54a35fc42c05_gay cum licking 40+ .zip.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\gay cum licking 40+ .zip.exe
Size 346.7KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 f4332f7cae9f5c3ae5aff7ece4c5371e
SHA1 dd6554b7b1602f58e9c750f9c0567561ab370966
SHA256 725d54a35fc42c05060ac5f1067a0520cb83ef5e07ba5c394ae59f801d80fc28
CRC32 4FB66873
ssdeep None
Yara None matched
Name 3e50479da3c3417c_horse [milf] girly .avi.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse [milf] girly .avi.exe
Size 359.8KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 e0323abecc94185c73d914691103b6bb
SHA1 b1d8e4c385fc67d079224231783925f2567ae89d
SHA256 3e50479da3c3417cfee27bd1c94abcbc087af29a0d13607e329ff70b52f3c33a
CRC32 7ED48C50
ssdeep None
Yara None matched
Name 734abc3dcd5f892b_brasilian animal hot (!) .avi.exe
Filepath C:\Windows\security\templates\brasilian animal hot (!) .avi.exe
Size 1.4MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 b767572b92836e3b68565c363c92a1d3
SHA1 dd1b0fa0211ab41db214ef24d4cd50f046ad8799
SHA256 734abc3dcd5f892bf4c705130caee68895984bfb530483b584984625122346ce
CRC32 A17FAE91
ssdeep None
Yara None matched
Name 39bff932284350b1_russian gang bang beastiality uncut hole pregnant (liz,liz).zip.exe
Filepath C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian gang bang beastiality uncut hole pregnant (Liz,Liz).zip.exe
Size 1.3MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 ec86904614d7938156db6fc1b9538dc9
SHA1 b04f1a2f5e7991eb5ce628bc7f926f0aa1b48b19
SHA256 39bff932284350b15455966371300056815f2ddb68c931cb5aa315595ff9d416
CRC32 F2136232
ssdeep None
Yara None matched
Name 8e2f91778c7c9c76_mssrv.exe
Filepath C:\Windows\mssrv.exe
Size 631.7KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 4831fe1f9e81c4e57c269ab13be5abff
SHA1 ae69fd81adb217dec3dc946fb5f608fe649d00be
SHA256 8e2f91778c7c9c767f8456bb57b33b36941bcf3174aa60eb28371c3f921405bd
CRC32 019D3F37
ssdeep None
Yara None matched
Name dfce9d93f9479a57_action catfight feet beautyfull .mpeg.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\action catfight feet beautyfull .mpeg.exe
Size 1.4MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 f2041c6b99c4797488a7ecc7ea761669
SHA1 8e78eb77e1cabd9b5c8c687bc66aca453a913705
SHA256 dfce9d93f9479a57d9bab408883d9cbeddc6523219c23d612ce76a7a37c8b9ed
CRC32 ECA3D6E0
ssdeep None
Yara None matched
Name f596080a2f029e48_italian fucking [free] circumcision .avi.exe
Filepath C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\italian fucking [free] circumcision .avi.exe
Size 242.3KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 fa8f4956de0430681553b391718dd066
SHA1 de95488e0aaed6f9498e5daef2b30b57c6a590eb
SHA256 f596080a2f029e48fae6b18414cce10849d118f2783148725ca7cc30035cbe7f
CRC32 759B6F83
ssdeep None
Yara None matched
Name 974cd128d0ba5fdd_lingerie blowjob uncut titts upskirt .mpeg.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lingerie blowjob uncut titts upskirt .mpeg.exe
Size 860.8KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 1b304787960e1cb8eb5c314516e78eb8
SHA1 6c90ce0c32c3f7771cb5297e7ae0faafec342c17
SHA256 974cd128d0ba5fddf55cd82a8b37b62aedccb30b5f5bdec8ce8b78ed4b05edbc
CRC32 AEC5A501
ssdeep None
Yara None matched
Name 78b4181200be044a_black gang bang gang bang uncut .zip.exe
Filepath C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\black gang bang gang bang uncut .zip.exe
Size 444.5KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 3363ca0e5c90f3c4c1eefef593903fc1
SHA1 9730f593902882b741621abb671d40c95ae1d5f4
SHA256 78b4181200be044ad610f2a16bc4369cf6a267c1ff0812fe40022ba62b01ad39
CRC32 3C36A7EB
ssdeep None
Yara None matched
Name f39c320318a69797_kicking animal voyeur (janette).zip.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\kicking animal voyeur (Janette).zip.exe
Size 1.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 35f90c0225e17274f2a3cf4b9c6765a6
SHA1 5a1fe6bf6c745e05305690b3fd682b0b0cecc53e
SHA256 f39c320318a69797c74040b5dd4524a8456b8ac179ea7d15df07243d6258c072
CRC32 246A51F2
ssdeep None
Yara None matched
Name 7a327cd52bda4290_horse action [free] circumcision .rar.exe
Filepath C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse action [free] circumcision .rar.exe
Size 2.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 51bc0312e13df03402522f4cee3a8238
SHA1 4aaf447f3795dfa05a49c96577cd61b96d0e9511
SHA256 7a327cd52bda429000dbd8434bd5521132a1bbce0cd1a7a85a3072230bc2eed9
CRC32 9661C606
ssdeep None
Yara None matched
Name db4f1bf2fd8a2986_horse [milf] bondage .rar.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\horse [milf] bondage .rar.exe
Size 1.5MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 43652bb799ee3e8fbbd46d1ba902e3c7
SHA1 2c5afde0050baec95e508d3453507e93431edd75
SHA256 db4f1bf2fd8a2986a496fbffe6ee15522d3dd25669ed1228e271af61846947a5
CRC32 3E3099C5
ssdeep None
Yara None matched
Name 831d6ec015c868de_action xxx girls hole swallow .zip.exe
Filepath C:\ProgramData\Microsoft\Network\Downloader\action xxx girls hole swallow .zip.exe
Size 1.7MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 8e00500ee9fcb24ab61ad7b5041ae1bb
SHA1 d46a56a24313619ac681b9bccd82cc70d32a540c
SHA256 831d6ec015c868dea4a9f734e51e398456c62315b558253feca667a7eb01f427
CRC32 39C7C3DC
ssdeep None
Yara None matched
Name 1ec461ae4711718c_beast public nipples .mpg.exe
Filepath C:\Windows\assembly\temp\beast public nipples .mpg.exe
Size 609.0KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 839637a19ea7d9ae57dd9442b5f23390
SHA1 b52157b3cd9b2600739af110fc452b5868b6daff
SHA256 1ec461ae4711718c03b84bb8e0326be426b5e12203297f8c64f2d78d8f835b20
CRC32 96B730C6
ssdeep None
Yara None matched
Name c2c49448dada25a0_handjob masturbation shower .zip.exe
Filepath C:\ProgramData\Microsoft\Search\Data\Temp\handjob masturbation shower .zip.exe
Size 1.4MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 95d837b7ba2f5311d4ccc969ce7d123d
SHA1 c0ac9de845e0d5821953443ca979cf6e5b478638
SHA256 c2c49448dada25a01bf4925311d8146ffbed1650465c44a5f94c16e1291248a6
CRC32 AED42C63
ssdeep None
Yara None matched
Name 31fed55112be19d8_fucking several models bedroom .mpeg.exe
Filepath C:\Windows\Temp\fucking several models bedroom .mpeg.exe
Size 1.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 048d15d726131a596c5abcc26d6dcca5
SHA1 4c3c4a863f26466c0de008438dc18ec4ecdd5a1f
SHA256 31fed55112be19d814bb49325723f27444975c811a0de1cb0b07b7fd625f7102
CRC32 C2187D76
ssdeep None
Yara None matched
Name f8add0c966de2023_beast horse [milf] lady .avi.exe
Filepath C:\ProgramData\Microsoft\Network\Downloader\beast horse [milf] lady .avi.exe
Size 642.1KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 37689bdcda8cc8915b91e109d492c0f6
SHA1 3225b9add8a242484be3805beb963357d453e7ad
SHA256 f8add0c966de2023dbc57cdfed5bcb68e45e1a0187ff943acec8ee6e791f2f6c
CRC32 FAF57DE3
ssdeep None
Yara None matched
Name 019df2b612d335d2_russian porn girls leather (britney,curtney).avi.exe
Filepath C:\Users\Administrator\Downloads\russian porn girls leather (Britney,Curtney).avi.exe
Size 912.0KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 101388537ebd739180d3cd6918b7d492
SHA1 97c7f2c6c3a2747bf03be6b963bcbd8cfa02732c
SHA256 019df2b612d335d268af9c822caa844ef6570dcfd1635c5bef4897ebf04dd08f
CRC32 675A9E83
ssdeep None
Yara None matched
Name 779eaf4449ef5185_fetish bukkake [milf] feet mistress .zip.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\fetish bukkake [milf] feet mistress .zip.exe
Size 1.4MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 9c93669bd67d4ff80c0c9bb0ef4ff902
SHA1 08744e3cb63fd277b159be58e9a6370d00185ab5
SHA256 779eaf4449ef518506faad8c1caa6a57b84e12c10247335b6d723865e2cc143b
CRC32 2EA5F51E
ssdeep None
Yara None matched
Name df3053154dbb6ce9_horse bukkake full movie femdom .avi.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse bukkake full movie femdom .avi.exe
Size 1.7MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 46b76439c993d547d2ac7988ff2f8bcd
SHA1 96b85ae5e460c5e823fbac3a01205dedc71e7f94
SHA256 df3053154dbb6ce92b6e72d5df2bb87b794a7f2368599d2c26dce29038cf357c
CRC32 7A481F0E
ssdeep None
Yara None matched
Name d1441c0251c0f60f_gay hidden granny .avi.exe
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\gay hidden granny .avi.exe
Size 1.5MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 c39b905580d284887c4e26ee7a739ec2
SHA1 856606ca1831233f24478b6ac7c56d767ecd1826
SHA256 d1441c0251c0f60faf5d82513e10db57e0217ede20bad8e54bfea310524c51d0
CRC32 37BF4EB5
ssdeep None
Yara None matched
Name b58b613192711ee5_hardcore masturbation 40+ .rar.exe
Filepath C:\Program Files\Windows Journal\Templates\hardcore masturbation 40+ .rar.exe
Size 85.9KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 aa995c61ee7a6d6ebaf09f8d0a06a0f3
SHA1 b54c748f441308c40c9690d01a89419cbe03eeef
SHA256 b58b613192711ee5aea8432d9e8e00d241b863f1f8c4c4d033189f93890ec2d3
CRC32 86A8BC32
ssdeep None
Yara None matched
Name 652af5094019d4c6_animal catfight gorgeoushorny .mpeg.exe
Filepath C:\Program Files (x86)\Common Files\microsoft shared\animal catfight gorgeoushorny .mpeg.exe
Size 1.8MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 9ce2b6415e2eb34973ed3c163e0b841f
SHA1 0ea5631ee20120b2f311dcd752fd49ac5640dcb9
SHA256 652af5094019d4c679b575e2626fbf8cbe63531c9d4447b965a1ebbb38ac03a3
CRC32 75C5F5F6
ssdeep None
Yara None matched
Name 04caee4059705a10_american hardcore beastiality hidden (kathrin).rar.exe
Filepath C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\american hardcore beastiality hidden (Kathrin).rar.exe
Size 1.6MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 b7d0d55530640e7732cbd683e72dd6b7
SHA1 a68a503935ab5022da87e2e030c7505c706e52e0
SHA256 04caee4059705a1077eed28a02476a1b5c265152199306183abd2a388c93a211
CRC32 624A9798
ssdeep None
Yara None matched
Name a24c431e9fde755e_beast bukkake girls bedroom .mpg.exe
Filepath C:\Program Files\Common Files\Microsoft Shared\beast bukkake girls bedroom .mpg.exe
Size 1.7MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 ca5ad2b33217b16a54a92dc3ae9fa0a4
SHA1 45c5ec5d9c2a05984bbd33e386bee1975f8da133
SHA256 a24c431e9fde755e7779c4c4cd163ce340fe01556ef25c9340a712a413cbed6e
CRC32 DFA5C616
ssdeep None
Yara None matched
Name d14e9f7781378453_tyrkish nude cumshot full movie hole upskirt (jenna).mpg.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish nude cumshot full movie hole upskirt (Jenna).mpg.exe
Size 1.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 b2d06222c77ca51043258f0746cea34a
SHA1 76e8b7c545abb861f7ce199248bd588507b82ebc
SHA256 d14e9f778137845347550d381a5d17661667831734e7e68ed883f3f979031f27
CRC32 1DA42FB3
ssdeep None
Yara None matched
Name b14003d59e2e9533_horse [free] boobs granny .mpg.exe
Filepath C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse [free] boobs granny .mpg.exe
Size 1.5MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 7e8ec9c5a710f619dcff03e02fba2abf
SHA1 3a9ad608db2eb629a36834de8ee2e49337ab29d7
SHA256 b14003d59e2e95335069ac1f120a07138979a611618c3c28ebdfd69aa8be0ea7
CRC32 93A79135
ssdeep None
Yara None matched
Name 3e4fc36e3b567d62_fucking kicking hot (!) girly (sonja).zip.exe
Filepath C:\Windows\winsxs\InstallTemp\fucking kicking hot (!) girly (Sonja).zip.exe
Size 1.9MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 f18ac43a1c473113a0a8e8fe3c7ec2ba
SHA1 df688e4138995adbe70dbf6385b3d617f8c02921
SHA256 3e4fc36e3b567d628fb6d3e7f244b9a6cd310f48b46bbaf4c24c9dbd4bfec437
CRC32 4B90A7AC
ssdeep None
Yara None matched
Name 0e1fcd20ee6877c5_action cum voyeur lady .rar.exe
Filepath C:\Windows\PLA\Templates\action cum voyeur lady .rar.exe
Size 985.4KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 769f23a070da947618ad8e1962a62c84
SHA1 63202a96b71a24e9e73663e7f7131c8c383ce48e
SHA256 0e1fcd20ee6877c57632c0a8f314b71b6a6abec29e8939ce813bfb34dc278e58
CRC32 97AAE091
ssdeep None
Yara None matched
Name 3bf3cd710bf07d3c_black horse uncut ash .avi.exe
Filepath C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\storage\temporary\black horse uncut ash .avi.exe
Size 2.0MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 a7f772a4f4d2e04ddfe3dc376824ffed
SHA1 0cedce6f962141b9202675ba03de100616334046
SHA256 3bf3cd710bf07d3c9584deffaf7818c2b04889bb4da5ad3411cbc115929615b1
CRC32 8A64493F
ssdeep None
Yara None matched
Name f91f303e6583ca0a_kicking handjob several models high heels .mpg.exe
Filepath C:\Users\tu\AppData\Local\Temp\tmp79750.WMC\kicking handjob several models high heels .mpg.exe
Size 388.0KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 0d589e24258688d3f973a15142c6317a
SHA1 913fb888217849658ca3f0bd7d3bdbb7bd4a43a8
SHA256 f91f303e6583ca0af30566c4d7e3495f34a2a47d67b014d5a9371db1730ef03a
CRC32 81459FAF
ssdeep None
Yara None matched
Name f1f940c6210a28f3_action full movie leather .avi.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\action full movie leather .avi.exe
Size 452.4KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 35a54d85fc317669f3396248b0512bea
SHA1 e0336c8440832d8a66494298a318d8cf560641f5
SHA256 f1f940c6210a28f3f7e6b92dffd3ce0e71d86f202cc54c4ad60f4f5c6a476a60
CRC32 FAA7DF1E
ssdeep None
Yara None matched
Name eaa80b1598d707fa_tyrkish horse full movie boots (karin).mpg.exe
Filepath C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\tyrkish horse full movie boots (Karin).mpg.exe
Size 1.8MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 61444d18efffe526f414ac6b8f7c89b3
SHA1 a80d3de7780d69ddd01a2b951ea6de170511cdad
SHA256 eaa80b1598d707fa04bae54769bc7ff26719f2591b1a12bef64b927a732cad82
CRC32 6B3962C6
ssdeep None
Yara None matched
Name 16306d9cbc7d235c_italian nude full movie ash (karin,karin).avi.exe
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\italian nude full movie ash (Karin,Karin).avi.exe
Size 1.3MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 85a5ae7cb2795cfa952ed887d2b9a0e5
SHA1 c4974f8476033489d99778963238cdafa66841b7
SHA256 16306d9cbc7d235c60d844fac8e9fbf8e8347cb2f6ea80713e12f2bf5c53f32d
CRC32 C7927382
ssdeep None
Yara None matched
Name c2a101ca7106cf5f_porn horse masturbation black hairunshaved .zip.exe
Filepath C:\Users\Public\Downloads\porn horse masturbation black hairunshaved .zip.exe
Size 1.4MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 a6bc0c32fde0b84eb025598c314d221f
SHA1 df0087acb43c50e88a61fc33bf8cb681593cbf7e
SHA256 c2a101ca7106cf5f4c225e145868a76a491165fc2c5479b8613ac2b80f88b769
CRC32 6143FC8F
ssdeep None
Yara None matched
Name 23164e9926c9ae86_german kicking gay big stockings .avi.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\german kicking gay big stockings .avi.exe
Size 1.5MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 a92baa118ebfa39f23dc49c973eef8f3
SHA1 8d3d4a66ae30f79c282ef938775a265e8e205db6
SHA256 23164e9926c9ae862d786539d043e62968df792e52837ea19559661b9ec293c6
CRC32 F5151C7F
ssdeep None
Yara None matched
Name 4569f36badb15070_cum lingerie big cock shoes .avi.exe
Filepath C:\Windows\SysWOW64\IME\shared\cum lingerie big cock shoes .avi.exe
Size 359.8KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 b93a2c35685bc120e1940125b61e07f0
SHA1 459d73f5ca637d7b3a77bbed7479052fe6b29e54
SHA256 4569f36badb15070bffa16802feb146424b9badb3d2d8d050dc16b0754291868
CRC32 6C18EAD4
ssdeep None
Yara None matched
Name bab1cd6f5fa13229_italian animal lesbian nipples shower (sarah,kathrin).mpg.exe
Filepath C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian animal lesbian nipples shower (Sarah,Kathrin).mpg.exe
Size 137.7KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 d02e8428d0cefae63b3a61266578dcbd
SHA1 9528f9216b133587cb8b3f03a369e3979f580db5
SHA256 bab1cd6f5fa13229e532bc96b420d7f19d0af8c63e336c19ad17a61af3668b60
CRC32 DA944B2E
ssdeep None
Yara None matched
Name 5643298634868eff_debug.txt
Filepath C:\debug.txt
Size 183.0B
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type ASCII text, with CRLF line terminators
MD5 8594c72bf15387c648c47865b8df8f0b
SHA1 a75ffdfd985efa7ad04387848d49b1754474b619
SHA256 5643298634868effec6447ca658735a12bb525766c4cb88478c76d363b027306
CRC32 99575C4C
ssdeep None
Yara None matched
Name 033e9b31285795c5_hardcore masturbation leather .avi.exe
Filepath C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore masturbation leather .avi.exe
Size 638.4KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 c6eff12d8271abcf8d5f2848d2163e1b
SHA1 45f8c843f9ba6cc94edc2c40a3ec5764aff2229c
SHA256 033e9b31285795c5bc7455c1505170642354b064cbe1dfc20add08c3803acb29
CRC32 AAAB3111
ssdeep None
Yara None matched
Name 3e28e484aae95c8d_trambling porn public young .mpg.exe
Filepath C:\Windows\SysWOW64\FxsTmp\trambling porn public young .mpg.exe
Size 2.0MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 887b6c6ab0a7869502aeb2b190bf0419
SHA1 c5dcb17eb8e72097d319543d3dd04ad181a3bf0e
SHA256 3e28e484aae95c8d71d55ba56ff40f43fb10456f00f190d4923932feff9536b4
CRC32 04B1E2E8
ssdeep None
Yara None matched
Name 04762f7185a7282b_italian cum lesbian hot (!) (curtney,kathrin).mpeg.exe
Filepath C:\ProgramData\Microsoft\RAC\Temp\italian cum lesbian hot (!) (Curtney,Kathrin).mpeg.exe
Size 1.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 fc25c261df090085fac623226f2b99f4
SHA1 cac757cf6139f8f90c601d091eadcf18872f5e8e
SHA256 04762f7185a7282b2338c207aaaf361b2e99789095bb52486a6c071a1c7cc554
CRC32 77E6F31C
ssdeep None
Yara None matched
Name b67e8b6dfaf50ba7_chinese lesbian lesbian .zip.exe
Filepath C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\chinese lesbian lesbian .zip.exe
Size 1.0MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 35b28f514209fe8cde8165c80eb9b09f
SHA1 67d284bffc198f4c723a0caf207d776d1ec82c16
SHA256 b67e8b6dfaf50ba7049a29d045c0b64d9bfbe50cce7ead749a8c8123549efe16
CRC32 6F11F76F
ssdeep None
Yara None matched
Name 3924ec551e12dcf6_japanese fucking uncut fishy .zip.exe
Filepath C:\Windows\ServiceProfiles\LocalService\Downloads\japanese fucking uncut fishy .zip.exe
Size 1.4MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 cc18bff6288718992f8b5061315a41ce
SHA1 c682255204f88443ab9088767cde02b7d4e22128
SHA256 3924ec551e12dcf6cd20424546e8f27c7614bc938be6438eb20080c715f259a2
CRC32 950DC3AB
ssdeep None
Yara None matched
Name fe51b8140d6ff9f3_swedish gay fetish hidden 50+ .rar.exe
Filepath C:\ProgramData\Microsoft\Search\Data\Temp\swedish gay fetish hidden 50+ .rar.exe
Size 2.0MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 12422a27aec95939bdacd77429487834
SHA1 287d714447d3fb9b9921eee81c4aee15e8063af8
SHA256 fe51b8140d6ff9f3193cf83763ba0d5ccb8413c11381d6f1afdb2c67489334ac
CRC32 9063487E
ssdeep None
Yara None matched
Name 51a52775345cac24_black fucking lesbian balls (sylvia).avi.exe
Filepath C:\Users\tu\Downloads\black fucking lesbian balls (Sylvia).avi.exe
Size 1.4MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 c2b34ec68d687e07c25c22b90260816f
SHA1 427acdf070d957a76d639b84252cc4f3b915f4de
SHA256 51a52775345cac24ec6464a72a4f566aa66e921896c83caafb47480da4bfd520
CRC32 7BB2F7DD
ssdeep None
Yara None matched
Name a6f3ffdb0c7f8e5b_fucking lingerie lesbian (britney).rar.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\fucking lingerie lesbian (Britney).rar.exe
Size 584.8KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 b3ef14b6e9e083c4d8e88040e40d04da
SHA1 2c809103dc9aa10e25230b9ca15c5ab2d5652a3b
SHA256 a6f3ffdb0c7f8e5bbffd5cff11d9e026fdaf80f9614ae179e6a52fff5d954ff0
CRC32 6DB66289
ssdeep None
Yara None matched
Name 6a0ad86de8890123_british blowjob cumshot girls boobs .rar.exe
Filepath C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\british blowjob cumshot girls boobs .rar.exe
Size 954.6KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 9b05e8ffc24dfe2a38c96757a703d9eb
SHA1 5cfe1d4a7e585252ddac7837859c51bdaf1411e2
SHA256 6a0ad86de8890123b443a77820861e30e57aa73e94efcdd4978e0d05186d3fb3
CRC32 704740E6
ssdeep None
Yara None matched
Name 23ef370ecddae35f_african cumshot masturbation stockings (sylvia,gina).zip.exe
Filepath C:\Program Files\Windows Sidebar\Shared Gadgets\african cumshot masturbation stockings (Sylvia,Gina).zip.exe
Size 391.5KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 e34ea04d23d46d8047cfc26b340760eb
SHA1 d374c2ab606ef49958c003a2b8e09508b9ca3df3
SHA256 23ef370ecddae35fb573d10aab75065488a853bf52cdb9b0f68b86d5d74abc3e
CRC32 77405451
ssdeep None
Yara None matched
Name 5b00b839456e32de_british handjob several models .avi.exe
Filepath C:\360Downloads\british handjob several models .avi.exe
Size 1.2MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 5cf94fd08c00b1faf8f242880be85a6b
SHA1 8c4c60e89f4856f4f09217a63d88f0138de6ef57
SHA256 5b00b839456e32de400c0ea6cd4722607768a4bc6c390aa26f88d163be58ac8e
CRC32 3C7E4CDB
ssdeep None
Yara None matched
Name 5fc99a7901737925_german lesbian kicking voyeur .zip.exe
Filepath C:\Windows\SysWOW64\IME\shared\german lesbian kicking voyeur .zip.exe
Size 99.5KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 562581ce40c79d690f9d1c01288420b3
SHA1 8e4805e9ff2417655f27e54fd9f87e296ebde84f
SHA256 5fc99a7901737925343fc41c95fb6a035f8345c7ae896aef1fe89ef3bb5faa38
CRC32 3FDD2E1C
ssdeep None
Yara None matched
Name b8fe75e8440c7a05_swedish handjob catfight (melissa).avi.exe
Filepath C:\Windows\assembly\tmp\swedish handjob catfight (Melissa).avi.exe
Size 1.8MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 3dace651982400a21075f9b877e31b71
SHA1 079bdcb69ff31cd2e1dee59b42a8436e32f1b3fb
SHA256 b8fe75e8440c7a05ea068935a53967a8cba72f1482d2ab86c702986b8024126c
CRC32 6051D429
ssdeep None
Yara None matched
Name 6c99e88a0febb2d6_tyrkish gay licking circumcision (karin,tatjana).mpg.exe
Filepath C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\tyrkish gay licking circumcision (Karin,Tatjana).mpg.exe
Size 1.2MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 80d09918259408a0dbc0ff65d6008867
SHA1 f8b12cc716475993e3cd9159a506f677828b567a
SHA256 6c99e88a0febb2d61533dc8e543f506a2222cd70b2b0d3d5929c64eb742e3b0a
CRC32 EDC3B97E
ssdeep None
Yara None matched
Name 371333e07e726154_danish trambling horse several models boots .mpg.exe
Filepath C:\Users\Administrator\AppData\Local\Temp\danish trambling horse several models boots .mpg.exe
Size 672.8KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 3e370c2a36c042b3877f33a877f85cb0
SHA1 6c8b9898788fa308eee8cb06b15d9db3c46e62f2
SHA256 371333e07e72615498578820135ad3b5507594a0b53043c5be90bee0f5e318cf
CRC32 936F35AE
ssdeep None
Yara None matched
Name 2e8e25cd643541e2_beastiality porn licking vagina .zip.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\beastiality porn licking vagina .zip.exe
Size 255.9KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 8c420fd79884b1e659264f99d332304a
SHA1 79cd30e04d59f98cd573be1dfcf08c50cafc0d00
SHA256 2e8e25cd643541e2bc28224aa9f6d41b8568811f466fd9438942bcaf2a6c8cea
CRC32 1A6C574A
ssdeep None
Yara None matched
Name 48e062a9b594b0b5_japanese trambling xxx [milf] castration .avi.exe
Filepath C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese trambling xxx [milf] castration .avi.exe
Size 2.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 2331eb8acc654a985608d0e218903ceb
SHA1 00b19e9456e896e71724b83f8befd56b004a8de1
SHA256 48e062a9b594b0b5ba04e6622e30ae9d1fde4c803fbf735900b2751d2217091c
CRC32 279D40C8
ssdeep None
Yara None matched
Name 7eb1a74fc1f0eb70_american beastiality nude licking nipples stockings .avi.exe
Filepath C:\Users\tu\AppData\Local\Temp\american beastiality nude licking nipples stockings .avi.exe
Size 417.3KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 53ad5b49c872c45f35a62304ef7d3d93
SHA1 6e0f01641c9036f53e91c2e866c7f387eaed96c2
SHA256 7eb1a74fc1f0eb70f347885e85d6c56abd83977d5c0f858062afa7125c7bbb92
CRC32 70769B88
ssdeep None
Yara None matched
Name e12adefda0134b66_horse action [free] .rar.exe
Filepath C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\horse action [free] .rar.exe
Size 201.5KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 6988beffaf196e33ac81ee1c37be49ef
SHA1 9fb01afcb1a1f412c8cca8b841d36da5d00707db
SHA256 e12adefda0134b662ab6e1bd08355a61bbed2efb5d017ef47412244382dd8c25
CRC32 879CB91F
ssdeep None
Yara None matched
Name 7c569732689d91dd_gang bang [milf] mistress .avi.exe
Filepath C:\Windows\System32\LogFiles\Fax\Incoming\gang bang [milf] mistress .avi.exe
Size 1.8MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 dd9a954e110a397aa04ab978a5af24c8
SHA1 ec2a363d9db86815bc26390621355f5d5d5ae65f
SHA256 7c569732689d91dde75f59d6e8c11a37fd9e41beacfbf7407e7cb34cebe12f2c
CRC32 A0654A92
ssdeep None
Yara None matched
Name 494a2f56c315437b_norwegian horse fucking sleeping legs (britney,christine).zip.exe
Filepath C:\Windows\Downloaded Program Files\norwegian horse fucking sleeping legs (Britney,Christine).zip.exe
Size 601.0KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 dde68d1ccde868851dd01c51ebc098f6
SHA1 f439471d9bbb95325a25a05ec8f2fa3823bf45d0
SHA256 494a2f56c315437bc4655c5d69bf88a2f49beba067c0058ce71f5cfb64e47b43
CRC32 4D33C05C
ssdeep None
Yara None matched
Name 751111062eea6773_swedish horse kicking masturbation black hairunshaved .avi.exe
Filepath C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vv2221l6.default-esr\datareporting\glean\tmp\swedish horse kicking masturbation black hairunshaved .avi.exe
Size 323.2KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 624e0611d92044eb0930bc7e71b0c12d
SHA1 cd74846a99742fa2d0afa88c2c48b8653a052a02
SHA256 751111062eea6773d3c35acde2e2a619b5b6d904be95a4567800bbce6f48ab45
CRC32 070E7EEC
ssdeep None
Yara None matched
Name c7fe52f9c5421d7c_indian beastiality big .zip.exe
Filepath C:\Users\tu\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian beastiality big .zip.exe
Size 1.3MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 e55f2a121ae8fa322c1ad55edc97e25b
SHA1 036bdd09c6050651708d1427978de2e1433123a1
SHA256 c7fe52f9c5421d7c7a3677890f818607521971fef14ec4acf3eec536626f9b1d
CRC32 34FEC7C1
ssdeep None
Yara None matched
Name 69d06da87c1cdd29_swedish cumshot sleeping (anniston).avi.exe
Filepath C:\Users\Default\Downloads\swedish cumshot sleeping (Anniston).avi.exe
Size 922.1KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 52b818503f79c705686a0d200a51bea0
SHA1 ce90ef825746dad46cc602eca75de711b9767f92
SHA256 69d06da87c1cdd2977fc9c7e48e32825ec7e4c67e1a6cca95be2340796f3194e
CRC32 326DBD87
ssdeep None
Yara None matched
Name eb4f943772bec893_canadian lingerie handjob girls hole traffic .mpeg.exe
Filepath C:\Users\tu\AppData\Roaming\Microsoft\Windows\Templates\canadian lingerie handjob girls hole traffic .mpeg.exe
Size 1.0MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 97209ba08a1f9aa23632e4f8b76332ce
SHA1 6483123eb61864a9d41bdcad27e63d7adbc15464
SHA256 eb4f943772bec893f3a4bdf690d6795789ecd5530834b2e088b9e18d953d2d1b
CRC32 B36FAA4C
ssdeep None
Yara None matched
Name f22bc66d7b9b0af2_russian hardcore horse [free] .avi.exe
Filepath C:\Program Files\DVD Maker\Shared\russian hardcore horse [free] .avi.exe
Size 1.1MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 36900fae269e01e0c654e395d3a2a9bf
SHA1 731cc0c2332b3025799e0c5f1b0606774cdf59df
SHA256 f22bc66d7b9b0af211850f0ffbedee9e0e333a233dd5be64fecc202fc1c11e1e
CRC32 01A9594C
ssdeep None
Yara None matched
Name 7a9c75aef586dd4b_canadian action big leather .mpeg.exe
Filepath C:\Windows\SoftwareDistribution\Download\canadian action big leather .mpeg.exe
Size 320.6KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 d11ec551129eaa619f65c04c0ec8ad72
SHA1 e19ec45dd531aef806622819bb5fc03102bee665
SHA256 7a9c75aef586dd4b0b5dde0d3d1e403ed8abc812e75be24f34b73a8418e61ac1
CRC32 9351F5B6
ssdeep None
Yara None matched
Name 60fe38f24285e959_lingerie masturbation granny .zip.exe
Filepath C:\Users\tu\AppData\Local\Temp\tmp73953.WMC\lingerie masturbation granny .zip.exe
Size 1.6MB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 5ef8a59d84015e679f826abf71fae990
SHA1 6d9091929dde52c32cbb38e6d222252f8f92aa67
SHA256 60fe38f24285e959a4053857cdbb20b6d31357a661d4c970d8833e353018939f
CRC32 085D8B73
ssdeep None
Yara None matched
Name d220da1325f41d46_cumshot horse voyeur (sonja,jade).mpg.exe
Filepath C:\ProgramData\Microsoft\Windows\Templates\cumshot horse voyeur (Sonja,Jade).mpg.exe
Size 694.0KB
Processes 2112 (03793b0390e01b18fc241d21650c97815bb0570e34e662b196147453914d85c8.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, PECompact2 compressed
MD5 8ee9708f5af5d282651c4fb947e1c4d9
SHA1 173f2b5097cd1d2d1117190d3a0828dd58f0d8c4
SHA256 d220da1325f41d46b20968bca530210299d5d1b554edb9c9286689219321eb06
CRC32 8AF031DF
ssdeep None
Yara None matched
Sorry! No dropped buffers.