04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 18:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
Size

1.7MB
MD5

6e622fdbdb1e22411918440239227e3d
SHA1

303c57631735e6bd551692f897de8bb01d4bec51
SHA256

04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7
SHA512

c66d6c94e6cb019799b85a54e06da91a5da790da4f0b0d5656a22120165fb95dda059211d7379e29622a341375d2482145ed0ae2ebfcf5b7e5f186b4941a0022
SSDEEP

49152:VkxBRzmB9MQeNAnzXROwQ5Bn1roCm2SAUqFC4oGijsFP/z:8HqnXlnz8woeA1RoGCs5

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\R:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\T:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\V:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\E:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\L:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\O:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\S:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\U:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\A:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\B:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\G:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\H:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\I:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\J:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\M:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\P:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\Z:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\K:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\N:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\W:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\X:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File opened (read-only)	\??\Y:	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\xxx girls .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\System32\DriverStore\Temp\beast public cock hotel .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\FxsTmp\british bukkake [milf] .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian beastiality gay big balls .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fucking voyeur 40+ .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian action sperm [milf] redhair .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian horse blowjob [free] (Samantha).mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian animal sperm full movie ash .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian animal gay hot (!) .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian horse beast girls shoes .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\config\systemprofile\xxx hidden fishy .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SysWOW64\IME\SHARED\blowjob voyeur glans .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black cumshot hardcore [milf] ,Ó .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\Common Files\microsoft shared\american fetish sperm [milf] .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian cum lesbian uncut cock .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish nude lingerie big feet .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files (x86)\Microsoft\Temp\brasilian handjob hardcore big stockings (Kathrin,Janette).mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\Microsoft Office\root\Templates\sperm sleeping femdom (Sonja,Sarah).mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish animal gay [milf] feet high heels (Melissa).mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\horse licking penetration .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fucking [free] hole .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\horse [milf] cock bedroom .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian cumshot gay hot (!) titts hairy .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\dotnet\shared\indian nude lesbian [milf] cock pregnant .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\fucking girls hole .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake girls titts .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\black fetish horse big girly .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files (x86)\Google\Temp\bukkake sleeping glans .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling several models .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\trambling hidden hole circumcision .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\beast [free] titts gorgeoushorny .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\hardcore uncut YEâPSè& (Anniston,Karin).avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\chinese beast uncut .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\danish porn sperm several models mistress .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\asian trambling full movie traffic .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\Temp\beast full movie cock penetration .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\japanese fetish horse hidden feet .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\chinese fucking [free] 40+ (Anniston,Melissa).avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\lesbian sleeping .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\trambling licking beautyfull .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\russian handjob blowjob hot (!) mature .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\norwegian lingerie sleeping traffic .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\french trambling public young (Kathrin,Karin).avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\gang bang lingerie several models black hairunshaved .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\horse [milf] titts mature (Curtney).zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\malaysia hardcore licking castration .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\gay lesbian mature (Ashley,Karin).mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\lesbian voyeur glans lady .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\american horse hardcore voyeur hole shoes .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\italian cum lesbian masturbation wifey .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\lesbian public titts black hairunshaved .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\handjob lesbian licking .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\black nude sperm public (Melissa).zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\african horse full movie cock .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\bukkake [milf] glans YEâPSè& .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\beastiality bukkake several models .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\fucking lesbian hole .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\cumshot bukkake masturbation YEâPSè& .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\CbsTemp\japanese kicking sperm girls glans .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\porn blowjob girls .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\porn hardcore several models cock shower (Melissa).zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\porn horse catfight hole YEâPSè& .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\xxx catfight cock castration .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\beastiality horse lesbian glans (Gina,Karin).mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\danish cumshot horse uncut femdom (Sonja,Janette).rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\canadian hardcore [milf] mistress .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\italian animal beast lesbian .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\black fetish gay big cock .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\hardcore full movie (Curtney).mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\american nude sperm public .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\french horse sleeping 50+ .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\danish horse fucking voyeur titts black hairunshaved (Karin).avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\italian cum beast several models feet .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\asian lesbian masturbation young .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\italian horse hardcore voyeur ejaculation .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx [bangbus] lady (Christine,Liz).rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\handjob sperm masturbation .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\tyrkish nude lesbian licking .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\malaysia lingerie lesbian hairy (Anniston,Sylvia).mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\norwegian xxx girls .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\american horse blowjob catfight hotel .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\cum gay full movie feet granny (Sylvia).zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\canadian lingerie lesbian .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\malaysia hardcore hot (!) feet .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\african bukkake sleeping feet blondie .rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\african horse lesbian glans .mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\bukkake full movie .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\beastiality horse [milf] Ôï .avi.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\norwegian sperm masturbation 40+ .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\beast public glans high heels (Jade).rar.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\french lingerie [bangbus] bondage .zip.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\african beast masturbation titts boots .mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\malaysia fucking uncut hole traffic (Samantha).mpeg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\black nude lingerie hidden balls (Ashley,Sylvia).mpg.exe	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
1200	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
3528	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 992	3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	80
PID 3664 wrote to memory of 992	3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	80
PID 3664 wrote to memory of 992	3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	80
PID 3664 wrote to memory of 3528	3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	85
PID 3664 wrote to memory of 3528	3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	85
PID 3664 wrote to memory of 3528	3664	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	85
PID 992 wrote to memory of 1200	992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	86
PID 992 wrote to memory of 1200	992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	86
PID 992 wrote to memory of 1200	992	04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe	86

C:\Users\Admin\AppData\Local\Temp\04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
"C:\Users\Admin\AppData\Local\Temp\04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Users\Admin\AppData\Local\Temp\04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
  "C:\Users\Admin\AppData\Local\Temp\04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:992
- - C:\Users\Admin\AppData\Local\Temp\04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
    "C:\Users\Admin\AppData\Local\Temp\04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1200
- C:\Users\Admin\AppData\Local\Temp\04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe
  "C:\Users\Admin\AppData\Local\Temp\04e6a90f8a87e23fc492c440a1f2bd585c2d0ae23f5152d68d4fec4624b1cfe7.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish animal gay [milf] feet high heels (Melissa).mpg.exe

Filesize
1.8MB

MD5
d56bb7ea4d9e81f4038f1c6ebbe74178

SHA1
966267a51ea95474a8e0c613562e55c87005742a

SHA256
f20dc7867705d3e11c8950145eb9423ce6bfd3f4239ba33eb6d7d0ef4bfb85e0

SHA512
f0b7f212715465a8db803713745a8ecedc3c5055a2739952a8ac3b0710d6d4d74c49b5a1d211ee3f6b11b08e2d4cf94a2cf8d7e1df5ad49457f9bcd020d5ac36

Download Submit
memory/1200-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3528-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3664-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download