Analysis Overview
SHA256
3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc
Threat Level: Known bad
The file 3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:13
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:13
Reported
2024-04-07 20:15
Platform
win7-20240215-en
Max time kernel
150s
Max time network
151s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe
"C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:13
Reported
2024-04-07 20:15
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe
"C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe"
C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe
"C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe"
C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe
"C:\Users\Admin\AppData\Local\Temp\3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc.exe"
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
Files
memory/2844-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\gay girls stockings .mpg.exe
| MD5 | 18bdf1806ce04e968c32e6f2a3deb01c |
| SHA1 | 0f6dc97b3cd24107257964c4dfa856b9d86aed5c |
| SHA256 | e846f8b8b4031f45dd2479779f80e3b0ed0a0c62ea5cdb5677aafa9b05422c6a |
| SHA512 | 195f22d1a506e7aca12fd764d63aa6da4c6e36ae94bef2a539165fb4fcdbe58a4071fdbeb35cf4911fccad29541b1027933f363ee31fa34bce202c7bebb49283 |
memory/3088-21-0x0000000000400000-0x0000000000429000-memory.dmp
memory/3932-151-0x0000000000400000-0x0000000000429000-memory.dmp