Malware Analysis Report

2025-08-06 00:44

Sample ID 240403-xecmjahd2x
Target 108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7
SHA256 108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7
Tags
persistence spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7

Threat Level: Known bad

The file 108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 18:45

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx
Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 18:45

Reported

2024-04-03 18:48

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2964 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
PID 2964 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
PID 1568 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

Processes

C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

Network

Country Destination Domain Proto

Files

memory/2964-0-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian animal nude [bangbus] pregnant (Samantha).mpeg.exe

MD5 c0e7c5ab583f0c5dc3ba8ceffff7bf83
SHA1 080c3d42fdea2dea9d0908aeab1ea64e3a5b527c
SHA256 4694bb1132794b928fd71438986974eb447dd87da16ea46a0a7feaedf87c75cc
SHA512 d0696d5b7d8bf1f05fb5451958465207d261c473db2525cc581605ec69bdc05c2e80398af9e56f012998fd24efb5264c552a45f81ed7da22a11584f9113f4340


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 18:45

Reported

2024-04-03 18:48

Platform

win7-20240221-en

Max time kernel

154s

Max time network

163s

Command Line

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\shared\gay lesbian catfight ejaculation (Ashley,Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\kicking girls legs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia fetish fucking hidden (Britney,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\System32\DriverStore\Temp\african trambling several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gang bang sleeping titts mature (Sandy,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese animal cum [free] 40+ (Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian xxx hot (!) ìï (Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\SysWOW64\IME\shared\asian handjob porn [bangbus] feet .zip.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\beastiality big .rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn fucking licking vagina blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\chinese porn sperm [bangbus] fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files\Windows Journal\Templates\bukkake nude public vagina young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast action hot (!) wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\horse masturbation nipples mistress (Tatjana,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\japanese kicking [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\fucking gang bang girls black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\handjob kicking [milf] 50+ (Samantha,Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\indian horse sperm [free] shower .rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files\DVD Maker\Shared\tyrkish lesbian hidden beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\black action lingerie licking gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Google\Temp\swedish fucking licking boobs .mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\black cum several models lady .zip.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish fucking uncut glans (Sonja,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\handjob nude big high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german horse hardcore [milf] glans .avi.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\russian beastiality animal public .rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\indian cum masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\spanish gang bang porn lesbian swallow (Sandy,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\norwegian trambling hot (!) glans ìï .avi.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\fetish lesbian sleeping bedroom (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\fetish trambling voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\brasilian blowjob bukkake hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\action licking boobs sweet (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian cum xxx [bangbus] girly .rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\SoftwareDistribution\Download\gang bang beastiality [free] 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\xxx voyeur swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\swedish action voyeur feet black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\asian horse [free] boobs wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2860 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
PID 2156 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

Processes

C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe

"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\black action lingerie licking gorgeoushorny .mpg.exe

MD5 c13d35bfb575722361f8a0c51818d546
SHA1 6d2af12f5655eda7b6d07446b58846a7b7fdf2ad
SHA256 51d2ab1502a63a8df0fb8b5384bfda1b0b2f444a2566bb4dfe059fa6a2f76ebe
SHA512 e62fcace23eb4917ef66ff7ca46fe27336c010b3fb9c9de59e554829cf3ba3a392088ccfea491b73c70928968dd7a16ad06516dfa95d3609ba27e73ccccc736f
