Malware Analysis Report

2024-11-15 06:11

Sample ID: 240407-3fpldahf9y
Target: 929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc
SHA256: 929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc
Tags: persistence spyware stealer upx
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc

Threat Level: Known bad

The file 929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported: 2024-04-07 23:27

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted: 2024-04-07 23:27
Reported: 2024-04-07 23:30
Platform: win10v2004-20240319-en
Max time kernel: 150s
Max time network: 157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Checks computer location settings

Description: Key value queried
Indicator: \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation
Process: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1188 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe
PID 1188 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe
PID 2244 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3232 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8

Network


Files

memory/1188-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake public titts beautyfull (Sarah).rar.exe

MD5 cb18280ae41b6a774bb2c2b54420869c
SHA1 c83a716ff0fb8c9b9b872c0422687de9b6532fbe
SHA256 22b77104367e6a18a1a50d8bbcf6125ec9999dd3f098361de3f1705aa6feb878
SHA512 fef2911630b6073d553b25901effb7f7779733a2635215854f9f036a311bfebe2a2bd7273bef9b20652e1c2e0695ef84614713ee146a3c2ee2c50f75b6916366

memory/2244-16-0x0000000000400000-0x0000000000420000-memory.dmp

memory/928-120-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1260-126-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1188-186-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2244-191-0x0000000000400000-0x0000000000420000-memory.dmp

memory/928-195-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1260-197-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:27

Reported

2024-04-07 23:30

Platform

win7-20240221-en

Max time kernel

154s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese animal xxx [milf] (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\System32\DriverStore\Temp\black cumshot lesbian girls mature .avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\italian cum gay full movie feet .zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore full movie latex .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\SysWOW64\IME\shared\xxx [free] titts mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american action hardcore [free] mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\russian cum lingerie hidden (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\SysWOW64\IME\shared\lesbian [bangbus] titts fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian horse fucking [bangbus] bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cum sperm big glans .zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\gay several models titts .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\italian beastiality lesbian licking young (Sandy,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\gay hidden feet circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Google\Temp\horse [milf] hole (Jenna,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling masturbation blondie (Jenna,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\japanese handjob beast [bangbus] hole .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish beastiality horse full movie hole castration (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\black gang bang gay [bangbus] glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian horse trambling licking circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\gay hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian handjob beast hot (!) glans sm (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\american cumshot trambling several models feet mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files\Windows Journal\Templates\swedish beastiality lingerie several models titts .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\russian nude sperm several models (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american cum horse catfight hole .avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm big leather (Jenna,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\animal blowjob full movie hole swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\norwegian trambling hot (!) YEâPSè& (Sonja,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\indian action gay uncut titts .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\SoftwareDistribution\Download\lingerie lesbian balls .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\horse gay girls (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\lingerie voyeur hole ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\hardcore masturbation hole swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\nude horse full movie granny (Sandy,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\nude lingerie full movie lady .avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\gang bang hardcore masturbation sweet (Ashley,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\lingerie lesbian high heels (Sonja,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\swedish nude lingerie masturbation (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\canadian gay licking granny .zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\kicking sperm hidden hole .zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\security\templates\fucking several models blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\canadian bukkake full movie (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\chinese sperm hidden balls (Sonja,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\canadian xxx [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\beastiality horse licking (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\spanish blowjob [free] (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\bukkake voyeur sm (Sandy,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\american cum hardcore [bangbus] (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2156 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe
PID 2156 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe
PID 3004 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe

"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\italian beastiality lesbian licking young (Sandy,Jade).mpg.exe

C:\debug.txt
