Malware Analysis Report

2024-11-13 13:58

Sample ID 240407-ypzqgsda31
Target 341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661
SHA256 341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661

Threat Level: Known bad

The file 341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:58

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:58

Reported

2024-04-07 20:00

Platform

win7-20240221-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian action trambling several models (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\beast [milf] ash .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\horse [bangbus] cock hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish handjob gay [milf] titts latex (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\sperm hidden titts mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\IME\shared\tyrkish fetish beast catfight titts 40+ (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\italian horse lesbian [free] (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\System32\DriverStore\Temp\brasilian horse xxx public granny .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\IME\shared\tyrkish cum trambling hidden feet black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\brasilian horse xxx full movie titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Update\Download\gay several models latex .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian cumshot lesbian full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\lingerie hot (!) (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian porn sperm [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lingerie girls lady (Sonja,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\indian cum sperm uncut lady .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Windows Journal\Templates\swedish kicking lingerie uncut titts YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\black fetish lingerie full movie circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\italian horse sperm [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\danish porn gay big titts .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\DVD Maker\Shared\danish horse lesbian sleeping titts blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lesbian licking redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore full movie 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\horse lingerie full movie hole sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Google\Temp\lesbian [milf] hole hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SoftwareDistribution\Download\italian kicking horse masturbation cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\blowjob voyeur titts beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\tyrkish action lesbian [bangbus] titts young .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\chinese beast [free] titts sm .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\asian trambling [bangbus] hole circumcision (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\sperm [milf] 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\Downloaded Program Files\horse big hole castration .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\russian porn beast public ash (Jenna,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\canadian lingerie girls bondage (Britney,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\norwegian hardcore full movie high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\black gang bang beast [milf] ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american handjob horse full movie 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish cum lingerie [milf] feet mature .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\hardcore several models cock .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\black porn gay uncut beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\lingerie [milf] (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\french fucking public ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\fetish blowjob several models wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\norwegian lingerie [bangbus] ash (Kathrin,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\indian gang bang hardcore big glans traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\brasilian action gay catfight cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\african trambling catfight penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\malaysia xxx full movie stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\cum horse hidden balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\PLA\Templates\sperm masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish handjob lesbian [free] latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese fetish trambling masturbation glans bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\assembly\tmp\japanese beastiality xxx several models (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\russian beastiality fucking licking hole .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\canadian lesbian masturbation 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\security\templates\tyrkish gang bang xxx hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\african hardcore lesbian wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\porn trambling voyeur balls .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\asian beast full movie high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\kicking fucking licking swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\brasilian fetish sperm hidden cock leather (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\nude xxx sleeping bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\russian handjob blowjob several models beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\canadian blowjob [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\british blowjob hidden boots (Sandy,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\blowjob masturbation high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\handjob hardcore full movie feet ìï (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\nude blowjob full movie latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\japanese porn lesbian several models gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\japanese cum bukkake big pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\trambling voyeur sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\japanese action sperm hot (!) feet YEâPSè& (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\hardcore licking cock mature (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\InstallTemp\tyrkish beastiality trambling licking (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\cum bukkake voyeur wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\cumshot lingerie sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\american horse gay voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\brasilian action gay lesbian titts .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\cumshot sperm [bangbus] hole .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\german trambling licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\black nude bukkake licking wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\danish gang bang horse public hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\asian beast hot (!) fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\bukkake masturbation gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\horse hidden hole mature (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\nude lingerie girls hole sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\horse lesbian beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\Temp\bukkake masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\tyrkish action horse catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2208 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 2208 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 2208 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 2208 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 2604 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 2604 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 2604 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 2604 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe

Processes

C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe

"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"

C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe

"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"

C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe

"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 177.183.253.47.in-addr.arpa udp
US 8.8.8.8:53 139.219.238.49.in-addr.arpa udp
US 8.8.8.8:53 159.215.14.21.in-addr.arpa udp
US 8.8.8.8:53 81.253.137.96.in-addr.arpa udp
US 8.8.8.8:53 37.227.97.253.in-addr.arpa udp
US 8.8.8.8:53 104.134.127.151.in-addr.arpa udp
US 8.8.8.8:53 42.99.191.121.in-addr.arpa udp
US 8.8.8.8:53 213.204.28.135.in-addr.arpa udp
US 8.8.8.8:53 243.52.36.48.in-addr.arpa udp
US 8.8.8.8:53 223.135.236.33.in-addr.arpa udp
US 8.8.8.8:53 199.208.27.39.in-addr.arpa udp
US 8.8.8.8:53 117.17.189.240.in-addr.arpa udp
US 8.8.8.8:53 32.16.69.208.in-addr.arpa udp
US 8.8.8.8:53 241.201.31.211.in-addr.arpa udp
US 8.8.8.8:53 121.14.127.237.in-addr.arpa udp
US 8.8.8.8:53 54.117.69.164.in-addr.arpa udp
US 8.8.8.8:53 101.14.121.182.in-addr.arpa udp
US 8.8.8.8:53 21.106.109.73.in-addr.arpa udp
US 8.8.8.8:53 75.146.187.120.in-addr.arpa udp
US 8.8.8.8:53 36.184.186.235.in-addr.arpa udp
US 8.8.8.8:53 126.232.203.151.in-addr.arpa udp
US 8.8.8.8:53 96.44.236.161.in-addr.arpa udp
US 8.8.8.8:53 139.130.84.225.in-addr.arpa udp
US 8.8.8.8:53 159.47.86.120.in-addr.arpa udp
US 8.8.8.8:53 129.192.45.212.in-addr.arpa udp
US 8.8.8.8:53 59.13.124.86.in-addr.arpa udp
US 8.8.8.8:53 119.148.183.107.in-addr.arpa udp
US 8.8.8.8:53 179.72.76.27.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/2208-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lingerie girls lady (Sonja,Samantha).rar.exe

MD5 7ec47b1511937e4ea7fe8123a07c6b4a
SHA1 0add8a6447116b60f2196fc2018c6be47c48ad45
SHA256 3e2a28694b95322371e4a12160d834add10fc81a880dfc9f69fd4ae039c167bb
SHA512 3cd869e7822f0decc2bfbfa0791a58017d2eac9f8cb2bfea199b65b22515543d2c68406362ca12da53e79a995a3c04bc92961a9834b9e2be3a15b43dcad2bebf

memory/2208-64-0x0000000004D20000-0x0000000004D3E000-memory.dmp

memory/2604-65-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2604-89-0x0000000004F10000-0x0000000004F2E000-memory.dmp

memory/856-90-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-94-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2604-103-0x0000000000400000-0x000000000041E000-memory.dmp

memory/856-104-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-105-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-108-0x0000000004D20000-0x0000000004D3E000-memory.dmp

memory/2604-109-0x0000000004F10000-0x0000000004F2E000-memory.dmp

memory/2208-110-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-113-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-116-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-121-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-124-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-127-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-130-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-133-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-136-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-139-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-142-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-145-0x0000000000400000-0x000000000041E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:58

Reported

2024-04-07 20:00

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\swedish beastiality xxx hidden (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\american handjob hardcore voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay [milf] (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\danish animal trambling [free] feet pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian action blowjob hot (!) beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\System32\DriverStore\Temp\sperm hidden (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\kicking horse uncut blondie (Sandy,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian cumshot gay public leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\lingerie voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\danish beastiality trambling full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese action bukkake [free] stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian cumshot xxx [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\Updates\Download\horse masturbation mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\tyrkish cum horse girls (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish gang bang hardcore licking .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\brasilian handjob horse voyeur titts shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian nude beast several models feet (Jenna,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian horse gay big traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black horse lesbian big .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\lingerie [milf] upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black horse horse catfight (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\american cum trambling several models titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\dotnet\shared\bukkake sleeping high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\indian porn lesbian hot (!) hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\danish beastiality hardcore [free] hole ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob several models hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Google\Temp\russian nude beast full movie 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish action gay masturbation sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Common Files\microsoft shared\beast girls upskirt (Anniston,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish animal beast masturbation fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\horse [milf] feet .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\black kicking sperm lesbian boots (Anniston,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\japanese cum fucking big blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\horse voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\malaysia xxx big castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\black animal horse lesbian ejaculation (Sandy,Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\malaysia lingerie big 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\beastiality trambling voyeur feet blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\norwegian hardcore catfight beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\horse trambling hidden titts balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\norwegian bukkake voyeur (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\indian beastiality sperm catfight feet .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\german xxx public glans traffic (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\Temp\italian kicking gay sleeping ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\chinese xxx [free] (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\horse [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\indian beastiality beast [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\fucking lesbian pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\beastiality horse [free] .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\swedish animal sperm catfight feet circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\beast big blondie (Britney,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\animal sperm [milf] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\norwegian horse full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\tyrkish handjob blowjob uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\russian porn horse girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\sperm public hole .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\gay big feet .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\cumshot fucking catfight (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\trambling licking (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\cum blowjob licking high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\german gay catfight latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\russian horse lesbian public cock upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\african horse [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\porn beast hot (!) upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\fucking voyeur ash .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\british xxx voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\german fucking [milf] (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\asian trambling sleeping (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\italian gang bang gay full movie circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\cum sperm [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\indian kicking beast several models (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\cum blowjob [free] feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\danish cum blowjob hot (!) leather .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\british hardcore several models (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\african sperm lesbian (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\indian porn hardcore voyeur hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\cum blowjob full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\horse sperm full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\japanese nude beast big (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\sperm uncut girly (Christine,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\animal lesbian hot (!) feet hotel (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish nude trambling full movie (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\russian cum bukkake [milf] hole .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\indian animal trambling voyeur feet bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\french horse sleeping fishy (Sonja,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\sperm licking lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\gay [free] lady .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\fucking hot (!) Ôï .mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\beastiality beast licking (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\malaysia hardcore catfight traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\gay big titts upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\chinese lingerie voyeur glans blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\cum blowjob masturbation glans .avi.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\gang bang sperm girls hole mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3520 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 3520 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 3520 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 4652 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 4652 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
PID 4652 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe

Processes

C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe

"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"

C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe

"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"

C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe

"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 104.251.225.49.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 3.250.129.83.in-addr.arpa udp
US 8.8.8.8:53 16.74.25.15.in-addr.arpa udp
US 8.8.8.8:53 106.223.10.168.in-addr.arpa udp
US 8.8.8.8:53 212.66.174.189.in-addr.arpa udp
US 8.8.8.8:53 208.229.243.231.in-addr.arpa udp
US 8.8.8.8:53 209.77.181.84.in-addr.arpa udp
US 8.8.8.8:53 206.247.100.65.in-addr.arpa udp
US 8.8.8.8:53 145.113.9.211.in-addr.arpa udp
US 8.8.8.8:53 165.24.162.183.in-addr.arpa udp
US 8.8.8.8:53 39.156.4.240.in-addr.arpa udp
US 8.8.8.8:53 131.205.47.224.in-addr.arpa udp
US 8.8.8.8:53 95.213.102.216.in-addr.arpa udp
US 8.8.8.8:53 195.87.120.238.in-addr.arpa udp
US 8.8.8.8:53 194.49.65.35.in-addr.arpa udp
US 8.8.8.8:53 202.115.124.244.in-addr.arpa udp
US 8.8.8.8:53 69.123.200.192.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.113.111.48.in-addr.arpa udp
US 8.8.8.8:53 157.176.61.253.in-addr.arpa udp
US 8.8.8.8:53 124.5.189.116.in-addr.arpa udp
US 8.8.8.8:53 11.91.113.124.in-addr.arpa udp
US 8.8.8.8:53 246.228.188.86.in-addr.arpa udp
US 8.8.8.8:53 201.235.6.129.in-addr.arpa udp
US 8.8.8.8:53 78.68.149.4.in-addr.arpa udp
US 8.8.8.8:53 126.65.52.46.in-addr.arpa udp
US 8.8.8.8:53 79.188.35.241.in-addr.arpa udp
US 8.8.8.8:53 176.61.27.178.in-addr.arpa udp
US 8.8.8.8:53 239.64.54.253.in-addr.arpa udp
US 8.8.8.8:53 215.12.110.175.in-addr.arpa udp
US 8.8.8.8:53 244.173.21.226.in-addr.arpa udp
US 8.8.8.8:53 8.68.214.110.in-addr.arpa udp
US 8.8.8.8:53 145.94.143.78.in-addr.arpa udp
US 8.8.8.8:53 137.149.189.159.in-addr.arpa udp
US 8.8.8.8:53 150.134.4.73.in-addr.arpa udp
US 8.8.8.8:53 44.120.44.123.in-addr.arpa udp
US 8.8.8.8:53 25.252.243.214.in-addr.arpa udp
US 8.8.8.8:53 121.94.124.53.in-addr.arpa udp
US 8.8.8.8:53 135.111.45.128.in-addr.arpa udp
US 8.8.8.8:53 222.112.247.243.in-addr.arpa udp
US 8.8.8.8:53 178.240.194.140.in-addr.arpa udp
US 8.8.8.8:53 165.8.247.141.in-addr.arpa udp
US 8.8.8.8:53 37.78.141.120.in-addr.arpa udp
US 8.8.8.8:53 238.44.218.42.in-addr.arpa udp
US 8.8.8.8:53 212.183.201.171.in-addr.arpa udp
US 8.8.8.8:53 61.123.156.26.in-addr.arpa udp
US 8.8.8.8:53 15.49.113.186.in-addr.arpa udp
US 8.8.8.8:53 209.226.225.187.in-addr.arpa udp
US 8.8.8.8:53 139.254.20.131.in-addr.arpa udp
US 8.8.8.8:53 117.1.112.244.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.186.128.211.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 88.125.219.172.in-addr.arpa udp
US 8.8.8.8:53 1.232.213.131.in-addr.arpa udp
US 8.8.8.8:53 10.136.100.3.in-addr.arpa udp
US 8.8.8.8:53 11.105.70.138.in-addr.arpa udp
US 8.8.8.8:53 231.247.41.114.in-addr.arpa udp
US 8.8.8.8:53 220.20.39.193.in-addr.arpa udp
US 8.8.8.8:53 185.201.196.1.in-addr.arpa udp
US 8.8.8.8:53 245.184.96.150.in-addr.arpa udp
US 8.8.8.8:53 166.253.163.53.in-addr.arpa udp
US 8.8.8.8:53 39.66.81.36.in-addr.arpa udp
US 8.8.8.8:53 130.105.209.32.in-addr.arpa udp
US 8.8.8.8:53 242.162.55.46.in-addr.arpa udp
US 8.8.8.8:53 236.179.217.213.in-addr.arpa udp
US 8.8.8.8:53 148.77.93.101.in-addr.arpa udp
US 8.8.8.8:53 193.51.157.193.in-addr.arpa udp
US 8.8.8.8:53 155.15.144.54.in-addr.arpa udp
US 8.8.8.8:53 68.202.98.151.in-addr.arpa udp
US 8.8.8.8:53 33.80.238.237.in-addr.arpa udp
US 8.8.8.8:53 204.76.233.187.in-addr.arpa udp
US 8.8.8.8:53 127.235.90.104.in-addr.arpa udp
US 8.8.8.8:53 2.11.178.21.in-addr.arpa udp
US 8.8.8.8:53 116.122.6.203.in-addr.arpa udp
US 8.8.8.8:53 161.252.205.6.in-addr.arpa udp
US 8.8.8.8:53 48.110.170.141.in-addr.arpa udp
US 8.8.8.8:53 52.225.179.142.in-addr.arpa udp
US 8.8.8.8:53 194.115.174.208.in-addr.arpa udp
US 8.8.8.8:53 23.86.210.233.in-addr.arpa udp
US 8.8.8.8:53 49.161.104.26.in-addr.arpa udp
US 8.8.8.8:53 255.132.72.216.in-addr.arpa udp
US 8.8.8.8:53 109.56.189.127.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/3520-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish animal beast masturbation fishy .mpg.exe

MD5 c48b91c1fed9495401110ee6feb23ddc
SHA1 a1b9eb50ba1a696d2c9bd2ee97ac3954e06080d1
SHA256 2c40663d2b6d297b5a4f1c216e541e0942b5fd34c3a5ec1857e850e310340a5f
SHA512 70b5acd50f16dd205e50f6ebe54bcc5193984e8dfd8d09e079aaf834ed91b057bd9c9072670b4c976bedc198dafae81eef92b7ccafdaa221c8300410f7c4436c

memory/4804-156-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-183-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4652-184-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-187-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-191-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-193-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-202-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-205-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-209-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-212-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-215-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-218-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-221-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-224-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-227-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-230-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3520-233-0x0000000000400000-0x000000000041E000-memory.dmp