Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-22p9cshb9v
Target 88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c
SHA256 88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c

Threat Level: Known bad

The file 88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:04

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:04

Reported

2024-04-07 23:07

Platform

win7-20240221-en

Max time kernel

146s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)

N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2336 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe
PID 2336 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe
PID 2372 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

Network

Country Destination Domain Proto

Files

memory/2336-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\spanish blowjob public mature .avi.exe

MD5 1198d0bbcc6745730523b6f38da2c4cd
SHA1 957ef4e2aeffb3e63bdf646a2671849d9ca43c9a
SHA256 cac096ad2a9b67796c7fb0471d7099fb04d96a9c997f5e1ac06d6ae2c632f47a
SHA512 1e75b72f2929acdfae3d1b558971e642a31805f198b89d5456c8590e798432f4d8d20a22a14ae047c270674194ed995aa5ae7a8381e398ec183e0c30ff82eaa9

memory/2336-7-0x0000000004C30000-0x0000000004C50000-memory.dmp

memory/2372-10-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2372-54-0x00000000047C0000-0x00000000047E0000-memory.dmp

memory/2336-53-0x0000000004C30000-0x0000000004C50000-memory.dmp

memory/576-55-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1984-56-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2336-96-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2336-100-0x0000000004C30000-0x0000000004C50000-memory.dmp

memory/2372-101-0x0000000000400000-0x0000000000420000-memory.dmp

C:\debug.txt

MD5 d25e2b84f74d18462257c839faf443be
SHA1 41febf782233f51705aded9030ea02c972b4c28b
SHA256 d21347d0493aadab8b15a60bbceee5accfbc352b8cacdf561a528417de472bf9
SHA512 3fca9fadf3d2c53ed689e878bcda9bcef51887dc7bb5a70916427a855fbe52246607b16f733b97885859dad4b212fd3c52fd34423ba29a34bf7cbeb6b1614cba

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:04

Reported

2024-04-07 23:07

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\swedish cumshot catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\german porn full movie traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian action beast masturbation high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian horse kicking licking swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\italian nude licking fishy (Kathrin,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia cum trambling uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\System32\DriverStore\Temp\trambling animal girls (Tatjana,Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\trambling [milf] circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\animal big (Britney,Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\animal voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\german hardcore trambling sleeping balls .avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\tyrkish porn sleeping legs 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\african action hidden vagina balls (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\canadian lingerie blowjob uncut 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian trambling cumshot big (Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish nude beast full movie hole black hairunshaved (Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\cum xxx voyeur cock leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Google\Temp\british porn [bangbus] blondie (Karin,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\african cum hardcore hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\dotnet\shared\kicking full movie bedroom (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\cum full movie (Janette,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\norwegian horse catfight titts .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\british fetish sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling xxx catfight ash .avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\spanish gang bang beastiality catfight cock sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\nude kicking [milf] legs upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\gay beast [milf] YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\spanish blowjob public mature .avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\lingerie gay lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files\Common Files\microsoft shared\cumshot [bangbus] wifey (Sonja,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\canadian bukkake kicking lesbian titts lady .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\beast lesbian 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\gay sperm sleeping feet .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\animal voyeur hotel (Tatjana,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\swedish porn cumshot uncut granny (Janette,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\gang bang public .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\black gay [milf] titts gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\trambling lesbian fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\PLA\Templates\danish hardcore [bangbus] blondie (Christine,Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\asian beast xxx [free] (Jenna).avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\black action licking beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\british handjob action sleeping nipples .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\fetish catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\horse animal voyeur circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\trambling lesbian girls ash gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\italian porn girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\action beast catfight girly (Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\french beast hot (!) swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\indian kicking big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\norwegian kicking several models ejaculation (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\german cumshot bukkake [milf] fishy (Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\assembly\temp\spanish handjob big (Tatjana,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\fetish handjob public (Karin,Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\xxx hardcore public (Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\chinese animal [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\trambling voyeur high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\action blowjob public mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\assembly\tmp\handjob lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\spanish xxx fucking several models legs .avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\brasilian horse [free] boobs black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay full movie titts upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3216 wrote to memory of 5376 N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe
PID 5376 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe

"C:\Users\Admin\AppData\Local\Temp\88ef1449f795d3ffadb4c5d5cd4bdad6741d93687f4eec8343c01497cb6e386c.exe"

Network


Files

memory/3216-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\spanish blowjob public mature .avi.exe

MD5 1198d0bbcc6745730523b6f38da2c4cd
SHA1 957ef4e2aeffb3e63bdf646a2671849d9ca43c9a
SHA256 cac096ad2a9b67796c7fb0471d7099fb04d96a9c997f5e1ac06d6ae2c632f47a
SHA512 1e75b72f2929acdfae3d1b558971e642a31805f198b89d5456c8590e798432f4d8d20a22a14ae047c270674194ed995aa5ae7a8381e398ec183e0c30ff82eaa9

memory/5376-38-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4408-159-0x0000000000400000-0x0000000000420000-memory.dmp

memory/3216-193-0x0000000000400000-0x0000000000420000-memory.dmp

memory/5376-194-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4408-196-0x0000000000400000-0x0000000000420000-memory.dmp