Malware Analysis Report

2024-11-30 04:06

Sample ID 240408-a4nprsbf5t
Target b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c
SHA256 b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c

Threat Level: Known bad

The file b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:46

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:46

Reported

2024-04-08 00:48

Platform

win7-20240221-en

Max time kernel

107s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1368 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe
PID 2932 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

Network

Country Destination Domain Proto

Files

memory/1368-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\norwegian cumshot girls hole gorgeoushorny .mpeg.exe

MD5 9a157df8162521bd707704a0b5bcae4d
SHA1 cb3f7dc24d2f2729eccd077f0029473c95c0746a
SHA256 812561358ae85023ab04a70ccf72c63065b5ffc80999d771706fd2db7f98c419
SHA512 2605b77712772d45efc0d83ecdc7b6c4db00554804ad499f9f3807bde736ff7dbd354ed46c647938788e9bf6ec30be25d33c06d9c069cc75b52b55e04ec22cdb


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:46

Reported

2024-04-08 00:48

Platform

win10v2004-20240319-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian kicking sperm hidden feet shoes (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\african hardcore [milf] (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\swedish porn lingerie public (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob sleeping upskirt (Gina,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese cum trambling [free] titts .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lingerie big (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black gang bang gay catfight penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\brasilian porn bukkake girls upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\System32\DriverStore\Temp\beast public titts black hairunshaved (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\trambling uncut (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\blowjob hot (!) girly .avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\lesbian uncut shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\russian cumshot gay lesbian latex .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\japanese gang bang lesbian big .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fucking hot (!) YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\blowjob [bangbus] (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\trambling full movie titts femdom (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish handjob beast uncut bedroom .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\animal horse girls feet stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Google\Temp\tyrkish gang bang hardcore full movie glans pregnant (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\beast [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\tyrkish gang bang trambling masturbation lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay public stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\Common Files\microsoft shared\tyrkish fetish fucking [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\swedish handjob horse [free] wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\hardcore catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish kicking gay [milf] sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\lingerie full movie ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse several models sm .avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black beastiality blowjob big cock castration .avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\russian cumshot blowjob sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\spanish blowjob big mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\asian hardcore hidden femdom (Gina,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\kicking beast hidden cock .avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\xxx sleeping (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\malaysia lingerie catfight cock swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\african beast uncut titts circumcision (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\american nude hardcore sleeping cock blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\asian horse uncut (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\horse hardcore public glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\bukkake hidden glans fishy (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\indian fetish blowjob voyeur young .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\american gang bang xxx sleeping cock .zip.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\blowjob hot (!) blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\porn hardcore [free] upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\swedish kicking fucking hidden swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\american action trambling big titts .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\cumshot bukkake voyeur sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\xxx girls titts gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\malaysia horse [milf] ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\horse bukkake uncut titts .rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\american fetish blowjob hot (!) titts high heels (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\french fucking hidden cock balls (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\african sperm lesbian swallow (Britney,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\french beast sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3040 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe
PID 3040 wrote to memory of 244 N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe
PID 4020 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe

"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2244,i,861925222566734100,5228329984880658054,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

memory/3040-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse several models sm .avi.exe

MD5 d67c4c49cab043a990a312e533953e39
SHA1 6322bd084364f52c8626e2d0d71bdc662c73f74e
SHA256 dd45884bfe8ca9b6802a0ef7801838f73e7df5eef8ec6e9ac65ce70820f04bfc
SHA512 aa1d7b548df0eeddfe5a03a49c7ac62ec8b332b0ab984af42ecaee593f685e1126419c6cc8e0d9e8e725f9542dfbf8e6f254297b300b60f94e1726c24bed6598
