Malware Analysis Report

2024-11-15 06:11

Sample ID 240407-3qgnhsaa8t
Target 998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4
SHA256 998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4

Threat Level: Known bad

The file 998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:42

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:42

Reported

2024-04-07 23:45

Platform

win7-20240221-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\shared\xxx [bangbus] pregnant (Anniston,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black kicking bukkake big fishy (Britney,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\british fucking uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\american gang bang blowjob uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\fucking several models titts .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\bukkake girls (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm [free] titts .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\System32\DriverStore\Temp\indian handjob beast full movie hole beautyfull (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\IME\shared\black fetish sperm masturbation titts balls (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish gang bang blowjob big gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\action sperm several models hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese animal beast [free] cock girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\DVD Maker\Shared\american action horse [milf] hole hairy (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Windows Journal\Templates\hardcore hidden fishy (Christine,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\indian handjob lingerie [free] glans ìï (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\japanese gang bang horse girls sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\gay licking boots .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\brasilian animal hardcore several models glans .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lesbian catfight shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\tyrkish animal horse [free] .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian beastiality hardcore full movie (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\tyrkish handjob beast hot (!) blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\tyrkish nude sperm hidden (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Google\Temp\hardcore voyeur ash .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\russian animal blowjob full movie titts shower .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\sperm [bangbus] hole beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\african sperm catfight circumcision (Sandy,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\malaysia xxx uncut high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\handjob blowjob several models feet .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fucking lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\security\templates\tyrkish cum blowjob [free] glans black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\norwegian sperm big titts high heels (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\african trambling full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\cumshot lingerie several models (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish nude bukkake full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american gang bang hardcore [bangbus] fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian kicking lesbian sleeping swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\malaysia bukkake full movie titts mature .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\kicking gay voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\gang bang xxx [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\african lingerie licking (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\animal gay hot (!) titts mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\brasilian horse beast catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\blowjob [free] (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\cumshot blowjob public glans upskirt (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\indian porn horse full movie swallow (Sandy,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian trambling full movie beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\horse full movie redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\italian action bukkake [free] cock wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\tmp\swedish cumshot lesbian voyeur titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\british bukkake full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\french hardcore sleeping glans swallow (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\german bukkake [bangbus] (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\russian animal bukkake public (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\spanish bukkake hidden glans beautyfull (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\italian beastiality blowjob big hole balls (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\african xxx voyeur leather (Jenna,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\french trambling full movie beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\beast masturbation cock upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\malaysia beast girls beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\norwegian hardcore [free] (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\chinese hardcore hidden girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\brasilian cumshot gay public (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\gay girls feet black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\german blowjob [bangbus] leather .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\cum blowjob catfight glans pregnant (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian action beast voyeur (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish action lesbian voyeur redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\horse blowjob public cock boots .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\french lingerie catfight (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\russian beastiality blowjob full movie feet castration .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian handjob lingerie voyeur titts beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\trambling masturbation cock wifey (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lesbian licking feet traffic (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american handjob sperm [free] femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\asian lingerie hidden shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\hardcore hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lingerie big hole traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\british sperm masturbation boots (Sonja,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\trambling girls YEâPSè& (Sonja,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\african horse big YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\asian sperm [bangbus] penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish action beast uncut latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american beastiality hardcore several models glans swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish animal sperm girls girly (Anniston,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\cumshot horse full movie castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\swedish porn lingerie sleeping pregnant (Britney,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\german xxx catfight hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\norwegian fucking lesbian mistress (Sonja,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1624 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1624 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1624 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1624 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 2596 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 2596 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 2596 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 2596 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1624 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1624 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1624 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1624 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.84.154.155.in-addr.arpa udp
US 8.8.8.8:53 131.167.149.79.in-addr.arpa udp
US 8.8.8.8:53 200.255.142.67.in-addr.arpa udp
US 8.8.8.8:53 229.198.134.82.in-addr.arpa udp
US 8.8.8.8:53 176.200.1.18.in-addr.arpa udp
US 8.8.8.8:53 50.135.89.106.in-addr.arpa udp
US 8.8.8.8:53 64.123.209.93.in-addr.arpa udp
US 8.8.8.8:53 123.218.95.135.in-addr.arpa udp
US 8.8.8.8:53 142.66.188.120.in-addr.arpa udp
US 8.8.8.8:53 159.91.125.90.in-addr.arpa udp
US 8.8.8.8:53 61.242.248.90.in-addr.arpa udp
US 8.8.8.8:53 6.95.214.97.in-addr.arpa udp
US 8.8.8.8:53 217.84.145.8.in-addr.arpa udp
US 8.8.8.8:53 226.226.86.66.in-addr.arpa udp
US 8.8.8.8:53 130.237.99.134.in-addr.arpa udp
US 8.8.8.8:53 159.159.162.180.in-addr.arpa udp
US 8.8.8.8:53 220.187.33.238.in-addr.arpa udp
US 8.8.8.8:53 57.130.70.111.in-addr.arpa udp
US 8.8.8.8:53 29.247.204.135.in-addr.arpa udp

Files

memory/1624-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\action sperm several models hole .mpeg.exe

MD5 15eb796b4e6a5f946b45f13bedec82b2
SHA1 fa2f1b878a506f2f0429c1b8c2d3f89a16a40aa7
SHA256 0b60f365788ff81119793f486704b175a91a9c37ca331d9ac3c706cee305d107
SHA512 7acc020b2484623b7388e5e5652bb11207b4230dd59ecd3eeb950a26111295181c4ed0d9d8be0c1f09fec4c34f9ed4d42edf0ae003eff31f43874b017a0af30f

memory/1624-9-0x0000000005050000-0x0000000005070000-memory.dmp

memory/2596-10-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2576-57-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2544-56-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2596-55-0x0000000002050000-0x0000000002070000-memory.dmp

memory/1624-92-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2596-93-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2576-95-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-96-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-97-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-99-0x0000000005050000-0x0000000005070000-memory.dmp

memory/1624-102-0x0000000005090000-0x00000000050B0000-memory.dmp

memory/1624-104-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-108-0x0000000000400000-0x0000000000420000-memory.dmp

C:\debug.txt

MD5 02b0b2842d0469b373d90bf3bb7387ec
SHA1 81d789d689ae5dc77cf5bde77585cb4c90f57b9b
SHA256 7bd0bd62704a40e24dcd8af31ec3d2c186079920965d4de126dc1313473cf0d7
SHA512 c77e3da42dea2cfe8becf7ebd97bb4a38b9bb335262bc884119c5682b71b6768b40f08dcf410b9f8a51f1b9d0669a7f17f8d70637052801dbedcdea473379088

memory/1624-122-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-126-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-130-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-134-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-140-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-144-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-148-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-152-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-156-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1624-160-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:42

Reported

2024-04-07 23:45

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\lingerie [milf] (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\tyrkish action lesbian hidden feet .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\System32\DriverStore\Temp\bukkake voyeur glans penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\spanish xxx hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian cumshot lingerie masturbation (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm catfight tß .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\xxx full movie fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian horse blowjob [free] young .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american beastiality xxx [bangbus] cock sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian porn horse full movie wifey (Sonja,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\asian lesbian catfight YEâPSè& (Ashley,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\russian handjob hardcore lesbian titts .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fucking lesbian hotel (Sonja,Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian horse fucking girls titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\danish action xxx [bangbus] (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\russian kicking gay uncut cock ash (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\american nude blowjob catfight hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian fetish fucking voyeur feet ash (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\horse big .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Google\Temp\tyrkish horse sperm masturbation balls (Jenna,Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fucking licking hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\russian kicking lingerie full movie hole .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\dotnet\shared\italian fetish beast public femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian action fucking masturbation lady (Kathrin,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\norwegian bukkake [bangbus] glans sm .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\beast sleeping cock latex (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse catfight mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\bukkake girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\blowjob public titts penetration (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese handjob bukkake [bangbus] hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\italian kicking bukkake girls titts balls .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\japanese cumshot beast several models stockings (Christine,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\danish beastiality fucking uncut cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish beastiality xxx hot (!) upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\asian fucking hidden fishy (Anniston,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\hardcore [bangbus] pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\bukkake lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\italian gang bang blowjob several models circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\british blowjob several models hole young .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\spanish horse sleeping upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\brasilian animal horse lesbian 40+ (Sandy,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\canadian trambling [milf] (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\handjob fucking licking sm .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\SoftwareDistribution\Download\swedish fetish xxx [free] cock boots .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\french horse big circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\british fucking lesbian (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\nude hardcore [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\CbsTemp\indian gang bang lingerie hot (!) titts traffic (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\xxx girls cock 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\porn xxx licking YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\porn lesbian [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian fucking licking cock .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\brasilian handjob xxx big feet pregnant (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\spanish xxx girls glans gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\xxx uncut swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\chinese trambling licking glans femdom (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\indian cumshot beast masturbation feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\norwegian blowjob hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\tyrkish porn blowjob catfight balls .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\american kicking beast several models feet .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\cumshot hardcore hidden cock fishy (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\beastiality fucking licking titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\cumshot gay girls .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\beastiality lesbian voyeur (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish action blowjob hot (!) cock granny .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\asian xxx uncut sm (Jenna,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\beast public fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\norwegian lesbian lesbian (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\norwegian horse public 40+ (Ashley,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\fetish gay catfight granny .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\indian porn sperm several models leather .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\porn sperm catfight (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\indian horse trambling [milf] (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\tyrkish kicking trambling masturbation bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\malaysia lesbian [free] shower .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\british sperm lesbian sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\gang bang lingerie [milf] cock young (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\spanish xxx [free] feet (Sonja,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\russian cum horse sleeping stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\beast sleeping titts (Jenna,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\malaysia fucking hidden hole hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\tmp\american cumshot lesbian catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\horse xxx lesbian swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\cum lesbian girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\trambling uncut cock YEâPSè& (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\porn horse masturbation mature .avi.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\african bukkake catfight hole bedroom (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\sperm [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\asian blowjob sleeping young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\norwegian xxx hot (!) redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\fucking [milf] cock (Gina,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lesbian [bangbus] glans balls (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\chinese lingerie girls upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1628 wrote to memory of 4132 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1628 wrote to memory of 4132 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1628 wrote to memory of 4132 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1628 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1628 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 1628 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 4132 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 4132 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
PID 4132 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe

"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 243.68.101.110.in-addr.arpa udp
US 8.8.8.8:53 164.110.15.68.in-addr.arpa udp
US 8.8.8.8:53 197.63.14.212.in-addr.arpa udp
US 8.8.8.8:53 138.236.105.8.in-addr.arpa udp
US 8.8.8.8:53 134.181.122.162.in-addr.arpa udp
US 8.8.8.8:53 50.47.231.165.in-addr.arpa udp
US 8.8.8.8:53 239.107.61.100.in-addr.arpa udp
US 8.8.8.8:53 255.251.245.22.in-addr.arpa udp
US 8.8.8.8:53 191.18.56.155.in-addr.arpa udp
US 8.8.8.8:53 22.113.107.94.in-addr.arpa udp
US 8.8.8.8:53 70.72.70.95.in-addr.arpa udp
US 8.8.8.8:53 193.191.104.200.in-addr.arpa udp
US 8.8.8.8:53 31.144.91.51.in-addr.arpa udp
US 8.8.8.8:53 209.235.99.221.in-addr.arpa udp
US 8.8.8.8:53 80.45.92.178.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 60.20.248.154.in-addr.arpa udp
US 8.8.8.8:53 245.255.122.204.in-addr.arpa udp
US 8.8.8.8:53 122.75.152.72.in-addr.arpa udp
US 8.8.8.8:53 73.137.109.181.in-addr.arpa udp
US 8.8.8.8:53 188.185.143.66.in-addr.arpa udp
US 8.8.8.8:53 128.237.63.67.in-addr.arpa udp
US 8.8.8.8:53 91.198.141.101.in-addr.arpa udp
US 8.8.8.8:53 37.223.233.248.in-addr.arpa udp
US 8.8.8.8:53 58.2.38.1.in-addr.arpa udp
US 8.8.8.8:53 31.211.15.128.in-addr.arpa udp
US 8.8.8.8:53 174.213.250.120.in-addr.arpa udp
US 8.8.8.8:53 147.150.141.48.in-addr.arpa udp
US 8.8.8.8:53 11.82.134.182.in-addr.arpa udp
US 8.8.8.8:53 205.210.61.54.in-addr.arpa udp
US 8.8.8.8:53 16.234.33.95.in-addr.arpa udp
US 8.8.8.8:53 129.194.135.187.in-addr.arpa udp
US 8.8.8.8:53 210.22.70.199.in-addr.arpa udp
US 8.8.8.8:53 240.214.90.255.in-addr.arpa udp
US 8.8.8.8:53 75.55.165.34.in-addr.arpa udp
US 8.8.8.8:53 12.174.199.46.in-addr.arpa udp
US 8.8.8.8:53 47.16.77.133.in-addr.arpa udp
US 8.8.8.8:53 71.12.180.53.in-addr.arpa udp
US 8.8.8.8:53 116.15.169.30.in-addr.arpa udp
US 8.8.8.8:53 161.253.52.139.in-addr.arpa udp
US 8.8.8.8:53 95.186.8.118.in-addr.arpa udp
US 8.8.8.8:53 15.144.168.237.in-addr.arpa udp
US 8.8.8.8:53 133.220.222.36.in-addr.arpa udp
US 8.8.8.8:53 151.147.188.207.in-addr.arpa udp
US 8.8.8.8:53 14.45.149.84.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 54.43.166.110.in-addr.arpa udp
US 8.8.8.8:53 149.51.78.17.in-addr.arpa udp
US 8.8.8.8:53 154.52.106.232.in-addr.arpa udp
US 8.8.8.8:53 215.253.77.3.in-addr.arpa udp
US 8.8.8.8:53 151.154.87.41.in-addr.arpa udp
US 8.8.8.8:53 22.179.139.162.in-addr.arpa udp
US 8.8.8.8:53 25.226.63.247.in-addr.arpa udp
US 8.8.8.8:53 118.127.131.115.in-addr.arpa udp
US 8.8.8.8:53 236.152.231.72.in-addr.arpa udp
US 8.8.8.8:53 141.55.4.27.in-addr.arpa udp
US 8.8.8.8:53 233.221.129.162.in-addr.arpa udp
US 8.8.8.8:53 29.109.205.121.in-addr.arpa udp
US 8.8.8.8:53 99.177.142.241.in-addr.arpa udp
US 8.8.8.8:53 185.245.26.180.in-addr.arpa udp
US 8.8.8.8:53 142.100.5.157.in-addr.arpa udp
US 8.8.8.8:53 228.217.51.198.in-addr.arpa udp
US 8.8.8.8:53 152.232.96.109.in-addr.arpa udp
US 8.8.8.8:53 237.74.29.201.in-addr.arpa udp
US 8.8.8.8:53 91.160.129.129.in-addr.arpa udp
US 8.8.8.8:53 66.31.253.213.in-addr.arpa udp
US 8.8.8.8:53 135.115.94.185.in-addr.arpa udp
US 8.8.8.8:53 23.147.51.143.in-addr.arpa udp
US 8.8.8.8:53 115.245.58.252.in-addr.arpa udp
US 8.8.8.8:53 143.71.144.41.in-addr.arpa udp
US 8.8.8.8:53 148.50.194.223.in-addr.arpa udp
US 8.8.8.8:53 118.13.165.71.in-addr.arpa udp
US 8.8.8.8:53 65.186.15.144.in-addr.arpa udp
US 8.8.8.8:53 70.191.158.237.in-addr.arpa udp
US 8.8.8.8:53 63.161.26.162.in-addr.arpa udp
US 8.8.8.8:53 233.29.161.154.in-addr.arpa udp
US 8.8.8.8:53 80.68.202.42.in-addr.arpa udp
US 8.8.8.8:53 165.71.44.27.in-addr.arpa udp
US 8.8.8.8:53 89.70.251.24.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp

Files

memory/1628-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian fetish fucking voyeur feet ash (Sylvia).mpeg.exe

MD5 c3b65935f0fa24d4fa12590937d20040
SHA1 7e050eadd36fe0f9c5fc7671a4c8c7256474e768
SHA256 768197d831b671237d248860c184af856ed247d569d465eb7325dff99a8729d0
SHA512 6be8ebd8b0124b3fe4846079249e29d1f476d46cf6877f70946986d24fdbdaa1122c4455af7ec48cbc1431b8d4afe8ff5448dc033f1cd9e2a72d106f56fffd1e

memory/4132-87-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4912-163-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2176-162-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-180-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4132-181-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4912-183-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-185-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-191-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-201-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-205-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-210-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-214-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-218-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-222-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-226-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-230-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-234-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-238-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1628-242-0x0000000000400000-0x0000000000420000-memory.dmp