Malware Analysis Report

2024-11-15 06:11

Sample ID 240407-3hav1ahh95
Target 93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c
SHA256 93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c

Threat Level: Known bad

The file 93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:30

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:30

Reported

2024-04-07 23:32

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2972 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe
PID 2464 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

Network

Country Destination Domain Proto

Files

memory/2972-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\black porn trambling uncut hotel .zip.exe

MD5 2d228e9d29bde5630170aa7ab177637a
SHA1 10f16ae7a456608b0590bee86d68bdc2bd1a26dd
SHA256 625c2425f72a658716c69e621997dccc4419f0c1416ac84eb224fc601d5e15c8
SHA512 d8784ee3f667fa71ad98384b6bdbf45be7befc5993f579c0e3c50cc78dc676d10167f416f5faaa66e1392df8b40328f7a16ac48be32a45e7301a1771f249d0e5

memory/2972-64-0x00000000051B0000-0x00000000051CF000-memory.dmp

memory/2464-65-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2464-86-0x0000000004CD0000-0x0000000004CEF000-memory.dmp

memory/1896-87-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2972-104-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2972-106-0x00000000051B0000-0x00000000051CF000-memory.dmp

memory/2464-107-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2464-108-0x0000000004CD0000-0x0000000004CEF000-memory.dmp

memory/1896-109-0x0000000000400000-0x000000000041F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:30

Reported

2024-04-07 23:32

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\bukkake hot (!) circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\horse big .avi.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\InputMethod\SHARED\brasilian gang bang [bangbus] cock (Melissa,Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\tyrkish sperm handjob hidden nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\american xxx bukkake big .avi.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\fetish hot (!) pregnant (Tatjana,Christine).mpeg.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\nude beast [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\fucking [bangbus] legs (Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\cum girls sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\spanish handjob big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\kicking horse public titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\italian beast full movie leather .zip.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\british porn xxx sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\danish cum sperm [free] high heels (Liz,Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\indian gay [bangbus] vagina YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\fucking kicking hot (!) lady .rar.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2556 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe
PID 2556 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe
PID 1572 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe

"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"

Network

Country Destination Domain Proto

Files

memory/2556-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african fetish gang bang voyeur penetration (Karin,Sandy).avi.exe

MD5 f9255a860fa14a9dd74fa4689472ce05
SHA1 1c8ff1cb98f9b60382be6da2b1766bcb69498e08
SHA256 e4661f73ce3833a5d8334af3b228a104390c5700984fb054cfa740b2bec59e0e
SHA512 eb8e11c400d43c5d814c3c00658138a09e52c43308f787882c599e78eddacba796224e813cfb9e8db70bd263ac41e1f0bc0308200fcec7c5ff55ecbf23a6dac5

memory/1572-30-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3704-153-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2932-155-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2556-193-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1572-199-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3704-200-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2932-201-0x0000000000400000-0x000000000041F000-memory.dmp