Malware Analysis Report

2024-11-30 02:48

Sample ID 240407-wplshsah47
Target 00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b
SHA256 00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b

Threat Level: Known bad

The file 00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 18:05

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 18:05

Reported

2024-04-07 18:08

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2100 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe
PID 1776 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\american horse xxx uncut bedroom .mpg.exe

MD5 31229495a30040e5be06ef0950778e0d
SHA1 a2e32674a698bc5a2a39b15ce079978b208978cc
SHA256 278008d8db623df85351aed42e8cdead231ee843dfc4cde25a550ee6cf37d473
SHA512 e7b597c3c79d20b45bd4559492d7facc036543d7bd6ff2fdd3085e669fbe2472af79b8679f337af55fe3007982b83c65b047578b0a703e6d69072a6ad59fcb5e

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 18:05

Reported

2024-04-07 18:08

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\blowjob sleeping cock .zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\fucking uncut ash .rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\beast masturbation cock .avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\black handjob beast big glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese gang bang sperm licking glans young (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black fetish trambling licking balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\indian kicking beast several models bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob voyeur sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish cumshot beast voyeur titts castration (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lingerie big glans (Gina,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian nude sperm catfight hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese animal lingerie hidden ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Temp\bukkake masturbation latex .zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\american cum fucking full movie bedroom .rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black cumshot bukkake catfight bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american nude lesbian [free] feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\lesbian hot (!) high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american gang bang xxx girls cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\japanese fetish fucking voyeur circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\tyrkish beastiality xxx several models stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\dotnet\shared\swedish nude horse sleeping cock traffic (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american horse xxx uncut bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie catfight hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\Common Files\microsoft shared\japanese beastiality blowjob hot (!) feet .rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\brasilian porn hardcore [milf] sm .zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\bukkake several models feet (Kathrin,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\animal trambling licking high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lingerie voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\trambling licking high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\italian kicking fucking [bangbus] feet sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian action sperm big feet pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\fucking licking titts (Christine,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\american gang bang lingerie girls circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\african xxx catfight cock shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\sperm hidden 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\swedish animal lingerie big girly .avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\italian gang bang lesbian voyeur cock young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\gay licking glans beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\action lesbian licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\tyrkish action sperm catfight latex (Sandy,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\horse lesbian (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\asian horse several models YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\russian action beast several models sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\indian gang bang xxx public cock (Jenna,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\malaysia blowjob hidden cock .avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\bukkake public hole leather (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\danish nude lesbian [milf] (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\trambling public (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\canadian lesbian several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\chinese lingerie [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\chinese bukkake girls .rar.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\trambling public shower .zip.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\indian animal bukkake big glans (Gina,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\chinese horse girls cock ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\japanese handjob fucking full movie 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5020 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe
PID 5020 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe
PID 5092 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe

"C:\Users\Admin\AppData\Local\Temp\00e8d2089b0c2636b6cbf52eb3282a126e742c5c8beecb66b7b3338b896f102b.exe"

Network

Country Destination Domain Proto

Files

memory/5020-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american horse xxx uncut bedroom .mpg.exe

MD5 31229495a30040e5be06ef0950778e0d
SHA1 a2e32674a698bc5a2a39b15ce079978b208978cc
SHA256 278008d8db623df85351aed42e8cdead231ee843dfc4cde25a550ee6cf37d473
SHA512 e7b597c3c79d20b45bd4559492d7facc036543d7bd6ff2fdd3085e669fbe2472af79b8679f337af55fe3007982b83c65b047578b0a703e6d69072a6ad59fcb5e
