Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-28eq7shd7t
Target 8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333
SHA256 8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333
Tags: persistence, spyware, stealer
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333

Threat Level: Known bad

The file 8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-07 23:14

Signatures

UPX dump on OEP (original entry point)

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-07 23:14
Reported: 2024-04-07 23:17
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2188 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe
PID 2052 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe
PID 2188 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

Network

Country Destination Domain Proto

Files

memory/2188-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\french sperm several models upskirt .zip.exe

MD5 9bf0260712a11f1153bd942e44aac999
SHA1 1999c0ca2ab22d91b78ee102106ae4ed4bc05eb7
SHA256 fb50e983f8c7c49beddee274b5dac22efd9b076fda0ddd5627e42e61bb2447cb
SHA512 0196c1917c429140bd2fd0c08edbc1d3dde7b44d218fe45af219f351c193db483870512488184275d69ffb293e79ed09e5f460989577327ba3900e6d5227c710

C:\debug.txt

MD5 bb9e0f8a03e4f1656a9f8fdf4361b73b
SHA1 f06f1e571d63164ab1c54709627ea38908956cd9
SHA256 60d4a167bb436a040279b94e441ac623f550e4a300fb76a8296c939d9cf24258
SHA512 2c18d222b3a073970c8b4c6fab0503005df3ac7224237df2b83842dd6402a52e5a9ff68268476d99966e9e0f4f2ddb425c1883c20afeefb1a68e762caa4fce0a

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:14

Reported

2024-04-07 23:17

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\animal trambling several models castration .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black fetish cum public vagina .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\canadian kicking bukkake [free] black hairunshaved (Melissa,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\fetish voyeur (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\handjob fucking uncut boots (Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian animal [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm gay full movie boobs upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\cum fetish full movie glans castration (Sarah,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx [bangbus] high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian uncut hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\german action beast licking ¼ë .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\System32\DriverStore\Temp\sperm voyeur (Christine,Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\indian action big ash ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\french lesbian public .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\french sperm several models upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\german gay licking balls (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\tyrkish nude [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\russian blowjob beastiality voyeur ash ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm girls .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\animal hidden hole lady .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files (x86)\Google\Temp\cum xxx [bangbus] ash 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\spanish lesbian big ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\hardcore hot (!) 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\dotnet\shared\horse cum public (Britney,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black fetish girls .rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\trambling horse public .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\american handjob [bangbus] shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\malaysia animal [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\chinese animal gang bang several models lady .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\malaysia fetish blowjob several models sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SoftwareDistribution\Download\american beastiality porn girls gorgeoushorny (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\danish animal girls cock .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\beast [bangbus] .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\action full movie (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\asian animal girls (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\cumshot catfight latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\japanese animal voyeur (Britney,Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\french handjob cumshot public circumcision (Janette,Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\british cumshot handjob licking traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\animal voyeur titts girly .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\asian sperm hardcore masturbation vagina .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\InstallTemp\swedish gay full movie hole .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\lingerie bukkake several models legs granny .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\spanish beast beast hot (!) (Karin,Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\xxx girls ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\asian lesbian hidden nipples stockings (Ashley,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\japanese lingerie licking cock upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\american trambling xxx licking .zip.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\blowjob uncut castration .rar.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\malaysia beastiality hot (!) (Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\xxx girls vagina circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4900 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe
PID 2184 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe

"C:\Users\Admin\AppData\Local\Temp\8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333.exe"

Network

Country Destination Domain Proto

Files

memory/4900-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\french sperm several models upskirt .zip.exe

MD5 9bf0260712a11f1153bd942e44aac999
SHA1 1999c0ca2ab22d91b78ee102106ae4ed4bc05eb7
SHA256 fb50e983f8c7c49beddee274b5dac22efd9b076fda0ddd5627e42e61bb2447cb
SHA512 0196c1917c429140bd2fd0c08edbc1d3dde7b44d218fe45af219f351c193db483870512488184275d69ffb293e79ed09e5f460989577327ba3900e6d5227c710
