Malware Analysis Report

2024-11-15 06:07

Sample ID 240407-x3m36sce62
Target 2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b
SHA256 2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b
Tags
persistence spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b

Threat Level: Known bad

The file 2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:22

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:22

Reported

2024-04-07 19:25

Platform

win7-20240215-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2896 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe
PID 2332 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian nude fucking public lady .mpg.exe

MD5 2739f0b9b3ebd4ebd373471710651af2
SHA1 2c1f6b717677bf163483df14cdf8bdb7857f5656
SHA256 d567617e2b8446cf4f49fc791b07fad884f70933c63317f2569dbdeb657fb725
SHA512 3ca5c958a912a520a9b7ccd87d4b30539e057acdd6da9dd0d0ae73f2624d772169c68566954de11d32a8e6bd5ac9af09aebeecff5fbe90c69a743fbc1e3a5f73

C:\debug.txt

MD5 17d55eb7544df25c0c804034d5eb4cb4
SHA1 da4de13868a3e9b37fa8974667c6e8cd715431e5
SHA256 2a295f3e7a3b780ce43f83c4927931ce1899c8f10958c71098ba249049389e5d
SHA512 244f90e6410a4a9cf4bc897f9b0de16a8e5533c3849e8660c8dde33f7a70d358a41cd8994bb48c82289f92cdd46397f3e8e499317fb1a60b9ceaa99b3afc7860

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:22

Reported

2024-04-07 19:25

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\asian porn [milf] (Kathrin,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\bukkake big .zip.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\horse horse masturbation boobs upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\System32\DriverStore\Temp\cum [bangbus] mature .zip.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\indian porn full movie legs (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\canadian lingerie fucking uncut (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish blowjob cumshot [free] vagina .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beastiality fucking lesbian (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\danish animal cumshot lesbian ash 40+ (Anniston,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore voyeur nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian kicking public hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese action licking ¼ë .mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african horse voyeur redhair (Kathrin).zip.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files (x86)\Google\Temp\chinese hardcore full movie redhair (Karin,Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fucking lesbian vagina high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\italian nude catfight granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\Common Files\microsoft shared\lingerie big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\porn porn licking ¼ë .rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gang bang full movie ash shower .avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\swedish cumshot [bangbus] cock .zip.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\dotnet\shared\cumshot nude masturbation mature .avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\french kicking animal licking feet YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish porn fucking masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\norwegian kicking catfight ΋ .zip.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\german trambling cumshot lesbian femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\american horse masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\chinese horse catfight vagina traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\porn [milf] leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\british trambling fetish [bangbus] mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\german fucking nude masturbation (Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\chinese fetish catfight blondie (Jenna,Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\italian kicking voyeur mature (Anniston,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\norwegian action gay voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black nude trambling licking nipples hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\spanish blowjob sperm girls boobs .mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\beast trambling licking glans .rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\swedish beast voyeur glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\french trambling several models swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\british kicking voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\lesbian hidden (Jade,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\indian sperm big castration (Sonja,Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\handjob [bangbus] feet .avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\american porn beastiality several models glans 40+ (Janette,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\nude animal catfight bondage (Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\asian cum girls boobs blondie (Gina,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\indian cumshot cum big vagina balls (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\lesbian lesbian uncut (Sandy,Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\nude girls (Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\beastiality licking black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\indian fucking fetish big beautyfull (Jenna,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\horse trambling hot (!) upskirt (Jenna,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish xxx beast [milf] feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia beast girls upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gay [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3920 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe
PID 3920 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe
PID 1096 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe

"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"

Network

Country Destination Domain Proto

Files

memory/3920-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\porn [milf] leather .mpeg.exe

MD5 fc501d60de978e826b52494e83f9cc0f
SHA1 2fd651d273490391e21e4a6dedab5a7e01b90e1a
SHA256 5bfeb50b2593ef710ac9156d2ff588bb3117eaf4b917b2cb14001765fc358a62
SHA512 2fbce098152c61699a31147e587fa948f95af2b29de0488b37c191e0c2c6ac3b4d97b3ab835e9701c4a15378f23cada2dd75affd88f271cfcae8072cdf1e40fd
