Malware Analysis Report

2025-08-05 10:00

Sample ID 240403-x3wejsac4z
Target 21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9
SHA256 21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:23

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:23

Reported

2024-04-03 19:25

Platform

win7-20240220-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2220 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe
PID 2552 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

Processes

C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish kicking [milf] nipples castration .mpeg.exe

MD5 a361848244684b7da901595b9b3b20ef
SHA1 b48e25806600db7046f0988e4af6061aaee9db62
SHA256 879467bbff6de1557649366bb01a13eae5ad50387f5a5be10a341a43d4ad0049
SHA512 ba942a8004a7265f3ff3fa3c9796ea2e5f22da8055ea9b13bf849c15abf1db43f8bacb7f3e2dfc8879097458d0c161471f0d37e9d9f32e451e8afbbbfc3341cf


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:23

Reported

2024-04-03 19:25

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish gang bang lesbian big titts girly .rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\lingerie voyeur (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\bukkake hot (!) wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese animal fucking licking hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\System32\DriverStore\Temp\russian fetish fucking lesbian 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\sperm hidden hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\bukkake several models .zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian uncut high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob [free] cock .avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish gang bang sperm voyeur feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\tyrkish beastiality hardcore lesbian feet blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian porn fucking uncut cock .zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\xxx masturbation (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\trambling [bangbus] beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files (x86)\Google\Temp\swedish fetish xxx catfight feet mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\brasilian cumshot blowjob masturbation cock ash (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\beast catfight glans bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish animal bukkake lesbian YEâPSè& (Ashley,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\xxx [free] (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian cumshot gay lesbian feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\brasilian horse lingerie girls (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\gay [milf] (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\hardcore uncut shoes (Sandy,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish beastiality gay [milf] hole boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\tyrkish animal gay full movie circumcision (Christine,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\italian nude beast girls hole 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lingerie licking feet (Anniston,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\porn gay [bangbus] titts gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish handjob beast [free] hole (Gina,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian handjob bukkake [bangbus] stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\brasilian gang bang lingerie big glans girly (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\german gay sleeping penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\malaysia beast big (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\black gang bang trambling masturbation (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\gay public glans leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\japanese animal blowjob lesbian leather (Sonja,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\xxx licking swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\american cum xxx [milf] hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\InstallTemp\blowjob [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\bukkake big traffic (Kathrin,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\british xxx [milf] balls (Anniston,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\hardcore public feet 40+ (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\fetish bukkake [free] circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\french hardcore voyeur (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\black kicking sperm lesbian black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\kicking trambling [bangbus] hole .zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\french trambling lesbian glans 40+ (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\spanish horse sleeping feet wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\african bukkake masturbation penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\hardcore lesbian high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\xxx voyeur titts .avi.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\xxx hidden fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\chinese beast uncut glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 316 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe
PID 4888 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe
PID 316 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

Processes

C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe

"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"

Network

Country Destination Domain Proto

Files

memory/316-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking lesbian .mpeg.exe

MD5 190258d7ec4b5659db7024ca4d54bea7
SHA1 e909655b7328d7238fb92ccd407fa303edbe4ed4
SHA256 630b302af5692eaf1edf15b38f25ca2d2d9373a3e72fe93026968329412df2b4
SHA512 bfe2662244c6bac7f9558846c4be023c214384967a1206e8af9fcbeb31d0d58df318c23694703cfefa840413c52c6d6065b9f91414b287d13163ff90c68259f5
