Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-29tazshf52
Target 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8
SHA256 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8
Tags: upx, persistence, spyware, stealer
Score: 10/10

Analysis Overview

score
10/10

SHA256

8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8

Threat Level: Known bad

The file 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:17

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:17

Reported

2024-04-07 23:19

Platform

win7-20240319-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2512 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
PID 2404 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
PID 2512 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

Network

Country Destination Domain Proto

Files

memory/2512-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\porn animal sleeping beautyfull (Karin,Sarah).avi.exe

MD5 057896dc32c862a6524fee69a12563e5
SHA1 dd7ab93c8845f56c17d612ce59b618867d380930
SHA256 c77739512eb6359d731bcd29cd0c4110539af29071f5c502819ae276c95bb760
SHA512 eddb09ebedba84b4b75b7edf8ac1b2d8381625511ec4899b424e22f9b372ef3010f841d6d69a277a0810136bd2ca3d2e5fa350b5bcae06c15eb99e4aa6b08d48

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:17

Reported

2024-04-07 23:19

Platform

win10v2004-20240319-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SoftwareDistribution\Download\chinese blowjob licking feet balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\xxx big cock mature (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\Downloaded Program Files\russian nude xxx hot (!) feet (Sonja,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\russian nude xxx hidden cock bondage (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\russian kicking trambling voyeur sm .avi.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\black handjob hardcore [free] stockings (Britney,Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\african trambling big redhair (Jenna,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\chinese gay licking (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\italian horse beast catfight (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\chinese beast [free] (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\norwegian horse girls cock .avi.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\french lingerie hidden castration .zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\malaysia xxx uncut high heels (Sandy,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\asian fucking several models glans circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\cumshot bukkake masturbation hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\spanish blowjob full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\action fucking hidden feet latex (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking lesbian licking sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\malaysia blowjob [bangbus] boots .zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\brasilian animal fucking hidden feet Ôï .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\russian kicking bukkake hot (!) cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\horse big castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\trambling several models .rar.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\lesbian lesbian feet .rar.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\asian fucking several models shower (Sandy,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\horse bukkake sleeping (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 464 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
PID 464 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
PID 3008 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe

"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3232 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

memory/464-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian gang bang gay big femdom .rar.exe

MD5 b262dc1299756b8615d14f1f882e4af3
SHA1 f3461c864c419471542938c1261c564e12f720fb
SHA256 0835584fab1345475dcca532662aae22c2551d4a170912ac292b4eabb75a403a
SHA512 e00d21079fc20aed19acef5fb0f70b35a8d1fcdd8628dc3d7485ccdeb4df3575e1d696c441435024d8158de3ca4cbdec7c9f67f21c44939dd84ff539bb9a73c0
