Malware Analysis Report

2024-11-13 14:27

Sample ID 240614-czwkxswcjj
Target abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8
SHA256 abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8
Tags
persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8

Threat Level: Known bad

The file abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:31

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:31

Reported

2024-06-14 02:34

Platform

win7-20240611-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1720 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
PID 1928 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
PID 1720 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

Processes

C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\cumshot kicking [milf] mature .mpg.exe

MD5 771ae278e5e9c1c3954dc9956cda2b8a
SHA1 5cdda0bd26e00cb45037400c2780c25e0f74c7e7
SHA256 f8b9b7059efa05736be01ca885d9de8b22ade3fe7cd2d8e18c769f3d76d184f9
SHA512 1c0f4ca8468b16cc9734d35c54dbcbf05df90b6725276f7e99ac00d7c1c9b4426a21ae4160c2f152799acfd9a8d3cb10cd4b368c0eda9d0a7493d6497fd26eae

C:\debug.txt

MD5 8182e9ca7e23c921f3ce367c62e19da6
SHA1 ffab977465f027bbbbda5c51366ddf5043692f34
SHA256 ffa849edfbc1a0f5edfb1b39bc48ce5307a75348a35299b02424bc4be37ddcd9
SHA512 3036445b88f8fe44425f37cc9fe2eee5155a500c9788224d91f99750714788ea60083b47b67e0ee32877b6089bb8517e67fa10b62f3953f5f1e54a9df6f3f790

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:31

Reported

2024-06-14 02:33

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\brasilian kicking uncut balls (Jade,Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\malaysia handjob voyeur hole swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french sperm hardcore uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian full movie feet leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\brasilian nude hot (!) ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\italian horse big .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\blowjob several models ash blondie (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\beastiality lingerie uncut glans hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\italian porn lingerie full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish handjob bukkake uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian [bangbus] girly (Britney,Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\porn bukkake girls .rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\Microsoft Shared\sperm horse uncut cock 50+ (Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\african horse girls cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish nude beastiality lesbian nipples swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\sperm licking hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\indian lesbian xxx [free] shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\african gay horse voyeur ejaculation (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fetish public .zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\dotnet\shared\indian horse nude hot (!) (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american trambling licking cock boots .rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian xxx sleeping ash (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\animal trambling [free] glans beautyfull (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\indian trambling big .zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german bukkake beast sleeping boots .rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\canadian gang bang action uncut sm .zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\handjob lingerie several models upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\sperm masturbation vagina .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\beastiality xxx several models cock ash (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{012F12C5-F267-46F5-BABE-4C602515640C}\EDGEMITMP_0327D.tmp\african xxx uncut girly (Sylvia,Ashley).zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black trambling kicking hidden swallow (Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Program Files (x86)\Google\Temp\porn cum big boobs Ôï (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish lesbian [bangbus] hole lady .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\bukkake cum [milf] legs .mpg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\japanese gang bang porn catfight high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese horse nude [free] redhair .rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\american lesbian [free] (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\gay cum sleeping glans .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\nude big ash lady .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\trambling horse hot (!) boobs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\malaysia xxx lesbian girls hole .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\fetish lesbian sweet (Gina,Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\beast nude lesbian balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\indian horse xxx sleeping boobs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\Temp\cumshot masturbation vagina stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\porn lesbian (Sylvia,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\nude beastiality licking (Curtney,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\spanish hardcore bukkake uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\kicking hardcore full movie boots .zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\canadian lesbian animal hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\canadian fetish [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\spanish gang bang catfight latex .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\japanese kicking lesbian traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\gang bang cum hot (!) ash girly .zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\indian nude fetish [milf] bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\danish fetish action lesbian cock .rar.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\asian horse masturbation stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\cum lesbian voyeur bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\beast fetish big beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\beastiality horse masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\cumshot licking vagina beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\chinese horse beast big Ôï (Sonja,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian cum lingerie girls Ôï .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\french animal xxx lesbian bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\asian bukkake trambling girls high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2084 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
PID 2284 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

Processes

C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe

"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish nude beastiality lesbian nipples swallow .rar.exe

MD5 e0a00c65d747df927471c2a64afb1217
SHA1 3c303100720718e640d0017a0548fc52a6ba6cbe
SHA256 716f582e481f23dc94495430af6a1936d68ee3c33df1ab5012d2d2706d9587f7
SHA512 d9d15c617815a6d140822b90bd59f66a2c620c52a41ef621a010871f46642346b826f8796831475d00fc0f4f57979b96a409987e5c649a871467db04d1e64473