Malware Analysis Report

2024-11-30 04:08

Sample ID 240408-bj3hvscb9x
Target c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a
SHA256 c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a

Threat Level: Known bad

The file c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 01:11

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 01:11

Reported

2024-04-08 01:13

Platform

win7-20240221-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1300 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
PID 1696 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
PID 1300 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe

"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"

C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe

"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"

C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe

"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"

C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe

"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"

Network

Country Destination Domain Proto

Files

memory/1300-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish gang bang blowjob girls swallow (Britney,Janette).zip.exe

MD5 d987965ef008841436979c55df6d054c
SHA1 5fb95b4b9d17b845b454796fa97fafd7af288450
SHA256 c73c400b207e9c40d3dcb973bb4543301943dfac38beda1e1ccc070f072d5d85
SHA512 6b31179b1453e41e2e250dccd13b11a7a31973699f39e046f7f0da0e1820704b4e3b2a633747adee555abe44e98ea10a9b33022c09fa33fa68e918ff6e1adf7b


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 01:11

Reported

2024-04-08 01:13

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\xxx public blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese cumshot beast full movie cock penetration (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish action trambling big .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\bukkake [milf] feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\black action hardcore [milf] glans ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian action fucking several models titts 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse licking leather (Britney,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\russian handjob lingerie voyeur hole bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\System32\DriverStore\Temp\danish kicking blowjob voyeur high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\danish action trambling big .rar.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\gay voyeur hole lady (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\danish fetish fucking hidden titts high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\trambling licking glans .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse public beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese handjob fucking [bangbus] glans .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese cum xxx girls titts fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\sperm licking pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\blowjob sleeping cock ejaculation (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\lesbian girls (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish action bukkake hidden cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\bukkake lesbian feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\bukkake hot (!) feet latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files (x86)\Google\Temp\american cum blowjob masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\beast sleeping upskirt (Anniston,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\xxx [bangbus] femdom (Sonja,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish porn horse lesbian hole (Gina,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian gang bang lingerie hidden glans redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\fucking hidden cock .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\russian cum beast hidden young .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\malaysia bukkake [bangbus] penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\cumshot beast sleeping sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\french lingerie catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\trambling masturbation glans .avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\lingerie hot (!) glans shower (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\british horse catfight titts 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\bukkake licking glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\danish porn fucking uncut sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\action beast hidden titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\russian handjob lesbian catfight cock shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\action gay [free] Ôï .avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\SoftwareDistribution\Download\asian hardcore voyeur feet girly (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\african sperm girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\gang bang gay [free] mistress (Christine,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\xxx sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\american porn lesbian full movie beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\cumshot hardcore big black hairunshaved (Anniston,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\american nude hardcore girls hotel (Kathrin,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\malaysia sperm uncut leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\french trambling [bangbus] titts (Christine,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\swedish fetish trambling hot (!) fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian handjob beast masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A
File created C:\Windows\PLA\Templates\italian animal blowjob sleeping cock .rar.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4840 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
PID 4840 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
PID 4864 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe

"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"


Network


Files

memory/4840-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese cum xxx girls titts fishy .avi.exe

MD5 4d2a95865e195d79498f00d7682ccda2
SHA1 91825bc15659fe62a54231a3c343e03dd6f514c1
SHA256 e9780d76cb448fc857fb9e77583114cd86e39ef4b6600ad1bf80d57a86c8bea6
SHA512 45a423a04bbac1cbb6e29b94a7f571251fb942210e83cad8592f59e8699aa278bd996692511e523377b5eaed6dd6c0ae2140a6b085d8898183a94687e2a266f6
