Malware Analysis Report

2024-11-13 13:57

Sample ID 240407-yxrd3sdc4t
Target 39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126
SHA256 39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126
Tags
persistence spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:10

Signatures

UPX dump on OEP (original entry point)

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:10

Reported

2024-04-07 20:12

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2024 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe
PID 2532 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

Processes

C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\horse several models glans .rar.exe

MD5 9af1ad3c766240e23431618ba9fe8fc9
SHA1 3634f86893c67b43cec8ff15d078faa818f26364
SHA256 a9cf128b0504ef703af393cba2da9d8a3e969efdf98dfd8f650fa6f995b18d29
SHA512 349d9a5673f39d8f00b662e5ace610c3026010b3c4c180b27b191346453b660e1043f5a91248ca6f373b7d7cfa90a51b00510120d278aae02fa7e298a85ff3fd

C:\debug.txt

MD5 de501c17d1dec9cb05179b0dad85aa4d
SHA1 809de62699955c9b1b20670c48ffbd5c4000188b
SHA256 12ea4c177fa8e5f1ac3ac9d497949a47a43d0860c6af57085140b0e2b7ed63ba
SHA512 24d712ecaf66102d6e76ee54e901130b7838614b48dad88ec418ba8d0b6180c1b33589273220af5c951df2187554bca755a7d351688c329e48153842356382ea

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:10

Reported

2024-04-07 20:12

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\LogFiles\Fax\Incoming\italian kicking voyeur feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian sperm full movie tß .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\handjob [bangbus] cock redhair (Jade,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\nude lesbian vagina sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\handjob sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\horse several models castration .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\swedish porn trambling masturbation boots (Sonja,Ashley).rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\handjob nude voyeur (Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia cumshot hot (!) cock femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\asian sperm gang bang several models girly (Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\spanish blowjob nude [bangbus] upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\System32\DriverStore\Temp\beastiality sleeping (Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Update\Download\spanish xxx lingerie hidden bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian nude hidden ash blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\hardcore sleeping balls .avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\animal sperm hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian horse beastiality sleeping titts beautyfull (Sylvia,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\handjob action lesbian Ôï (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\Common Files\microsoft shared\chinese trambling uncut titts YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\bukkake masturbation legs ash .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\black hardcore sperm [bangbus] lady .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files (x86)\Google\Temp\american beastiality voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\chinese cumshot horse voyeur penetration (Gina,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\dotnet\shared\beast gang bang hot (!) titts mistress (Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\french nude xxx big .mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\beast animal [bangbus] pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\nude full movie feet upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\gang bang trambling lesbian vagina circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\german horse trambling big .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5927.tmp\cumshot masturbation bedroom (Sonja,Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese porn [free] young .mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\trambling sperm uncut young (Janette,Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\african horse uncut pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\black lesbian horse masturbation mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\brasilian handjob lesbian licking (Anniston,Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\horse porn full movie titts .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\german beast [bangbus] legs .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\gay cum lesbian black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\xxx horse catfight glans Ôï (Sandy,Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\hardcore several models traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\german hardcore sleeping mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\bukkake handjob [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\indian sperm hot (!) hairy (Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\xxx licking bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\kicking big glans hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\cum several models .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\italian cumshot sleeping hole 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\horse sleeping titts YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\canadian horse animal several models .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\lingerie uncut wifey (Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\japanese lingerie masturbation ash bedroom (Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\kicking cumshot [bangbus] cock balls (Jenna,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\horse sleeping hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\italian lesbian gang bang big .avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\horse hot (!) wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\canadian cum kicking several models cock (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\Downloaded Program Files\horse horse [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\gang bang sleeping glans .zip.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4428 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe
PID 4428 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe
PID 2304 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

Processes

C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe

"C:\Users\Admin\AppData\Local\Temp\39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126.exe"

Network

Country Destination Domain Proto

Files

memory/4428-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\nude full movie feet upskirt .avi.exe

MD5 2050eaeebed3eb1e4ffb3727472968df
SHA1 30fae82cdf815c3576c415d2f2df5fa3f39f8181
SHA256 95deb041796ed671b15a9f3c3db0b77d17bacd32780e4f49b5e4c75cc0fb552b
SHA512 e3ae05302618d74eb109c9dd46c4e748604674d05e87471b18326897121fd26e1bd39a47169b0473b5b80ea41ab4f2a019dc6be469ecb78626a6e00223b6e19a
