Malware Analysis Report

2024-11-30 02:36

Sample ID 240407-wqfynaah65
Target 01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa
SHA256 01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa
Tags
persistence spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa

Threat Level: Known bad

The file 01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-04-07 18:07

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 18:07

Reported

2024-04-07 18:09

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2176 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe
PID 2624 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe
PID 2176 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

Processes

C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

Network

Country Destination Domain Proto

Files

memory/2176-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian hidden .rar.exe

MD5 9713eed8539874797b4c6e55afd72cd1
SHA1 1eac95aa1b76c34f90df4147c997077996dd731c
SHA256 e28823be6579d86c353b58ede4c445860a09a4091190ae61e5d6dbc7e852a8a2
SHA512 73d637814c10270312d91fefcc4536db6ddf336f7d1c859b4fd1b1e0ad94c33875b3436f819813bfd6e8586257e70cde9080d4c6f3d0f64fb83929f9df046d19


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 18:07

Reported

2024-04-07 18:09

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\american beastiality beast several models cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\asian bukkake [free] (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\blowjob full movie glans .rar.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\danish cum trambling masturbation feet hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\animal lingerie voyeur hairy (Sandy,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\african blowjob hot (!) (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\african horse licking glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\norwegian blowjob girls feet ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\sperm big swallow (Sandy,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\animal horse uncut fishy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian cum sperm [milf] feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\japanese beastiality lesbian voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\swedish fetish gay lesbian hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\bukkake [milf] sm .zip.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\sperm masturbation feet .avi.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\handjob bukkake [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\InstallTemp\tyrkish cum lingerie sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\horse sperm [free] hotel (Christine,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\american nude gay hot (!) titts gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5028 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe
PID 5028 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe
PID 2108 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

Processes

C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe

"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"

Network

Country Destination Domain Proto

Files

memory/5028-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american kicking lingerie [milf] hole .mpg.exe

MD5 4463590fc60163746d4a25a6c7e77cef
SHA1 151bdf45eef8233f064a7ac39bbe56ffce149302
SHA256 7a68df6c0794df634869b10d150c206c9e0ef646a8b56a6ea2ab6cb4cbda6feb
SHA512 953e46273176241092d536cd6fa9ab588a30f916555230377221cb269b4c304854dfd9129585f30e8c35c4714699a9570d7d79c3457690c8d946baf54cf8c5a4

memory/2108-60-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1368-167-0x0000000000400000-0x000000000041E000-memory.dmp

memory/924-168-0x0000000000400000-0x000000000041E000-memory.dmp

memory/5028-196-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2108-198-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1368-200-0x0000000000400000-0x000000000041E000-memory.dmp

memory/924-201-0x0000000000400000-0x000000000041E000-memory.dmp