Malware Analysis Report

2024-11-30 02:36

Sample ID: 240407-wtak2sba48
Target: 03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30
SHA256: 03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30
Tags: upx, persistence, spyware, stealer
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-07 18:12

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 18:12

Reported

2024-04-07 18:14

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1520 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe
PID 2504 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe

Processes

C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe

"C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe"

C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe

"C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe"

C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe

"C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe"

Network

Country Destination Domain Proto

Files

memory/1520-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish horse gay [free] .rar.exe

MD5 611f5514e819cc7262e1f8902f9263a6
SHA1 fdc5a89b1c81232841eb00b66902f9ed83fdb263
SHA256 939d5b4d4e52075b8deaacb301217d5b8523d412d903a69b10a84d731530e27e
SHA512 ab1c2b58c4868d022e39ab67a4d412771cd5d33ca6fbbe44a6b15f6c7f66153f654a03df402d048de07129397d8e2032635a7eb72a4404396a7879a1ef7be648

memory/1520-60-0x00000000053B0000-0x00000000053CE000-memory.dmp

memory/2504-61-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2908-90-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2504-89-0x0000000004AA0000-0x0000000004ABE000-memory.dmp

memory/1520-94-0x0000000000400000-0x000000000041E000-memory.dmp

C:\debug.txt

MD5 b6920e32f78ad1576e560969bf8894f5
SHA1 703ab8b85b9bd3868855fff70fe2cf7bce34292f
SHA256 9f8a8885f7f1932c7dbca31a07fe22f32afd0821dd9c43ae57213b3511a83972
SHA512 a55538b7d751aef5d71e526143ccbfa4232d0adbe501e6d79a91aaeaae3ef247de74c1db59aedff9a92112f92f36e9078c433504d8adc34eb79af2e3d8a0560c


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 18:12

Reported

2024-04-07 18:14

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\american fetish trambling full movie shower .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\brasilian handjob trambling [bangbus] (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian kicking trambling hidden glans YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\lesbian hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese handjob bukkake [bangbus] upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore hidden upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\lesbian masturbation glans swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish action lesbian hot (!) beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\xxx girls feet boots .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\blowjob [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish handjob lingerie lesbian mature .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian fetish beast masturbation feet .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\black handjob lingerie catfight feet (Anniston,Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\dotnet\shared\tyrkish cum gay several models hole 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast licking (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\italian cum fucking public pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\italian horse beast full movie wifey (Anniston,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\japanese animal gay [bangbus] leather .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\danish action beast hidden cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files (x86)\Google\Temp\indian nude hardcore public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\danish animal horse uncut sm (Jenna,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese animal bukkake several models titts .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american kicking hardcore girls .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\Common Files\microsoft shared\danish fetish gay several models shower .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\indian cum xxx catfight wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish horse gay [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian cum bukkake hot (!) titts upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese handjob gay catfight cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish horse horse hot (!) granny .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\american fetish lingerie uncut feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\asian blowjob licking hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\spanish gay lesbian cock .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\beastiality horse public glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\russian animal lingerie licking cock .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\blowjob public castration (Ashley,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\brasilian action fucking [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\fetish trambling full movie cock .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\japanese kicking lesbian hot (!) blondie (Britney,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\horse gay hidden gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\brasilian gang bang trambling full movie (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\indian cum blowjob masturbation titts leather .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\spanish lesbian masturbation glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\chinese lesbian [milf] fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\cumshot horse [milf] (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\cumshot lingerie licking cock lady .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\cumshot lingerie [free] hole girly .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\beastiality trambling lesbian feet .rar.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\canadian xxx hidden titts gorgeoushorny (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian nude xxx [milf] feet fishy (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian fetish lingerie hidden redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\tyrkish beastiality fucking voyeur ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\spanish lingerie voyeur bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\italian animal horse catfight titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3052 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe
PID 3052 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe
PID 4796 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe

Processes

C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe

"C:\Users\Admin\AppData\Local\Temp\03e22ec0fd5e3820276bd997cff792c05382685d1b6d6d348cdf10ad33758e30.exe"

Network

Files

memory/3052-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish horse gay [free] .rar.exe

MD5 611f5514e819cc7262e1f8902f9263a6
SHA1 fdc5a89b1c81232841eb00b66902f9ed83fdb263
SHA256 939d5b4d4e52075b8deaacb301217d5b8523d412d903a69b10a84d731530e27e
SHA512 ab1c2b58c4868d022e39ab67a4d412771cd5d33ca6fbbe44a6b15f6c7f66153f654a03df402d048de07129397d8e2032635a7eb72a4404396a7879a1ef7be648
