Malware Analysis Report

2024-11-30 04:06

Sample ID 240408-a5nq6abf6x
Target b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198
SHA256 b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198

Threat Level: Known bad

The file b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:47

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:47

Reported

2024-04-08 00:50

Platform

win7-20240215-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\bukkake lesbian hole bondage (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\swedish action fucking sleeping cock blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\System32\DriverStore\Temp\lesbian public beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\beast full movie sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\tyrkish horse lesbian voyeur shower (Kathrin,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black fetish blowjob several models titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese animal sperm girls feet ash (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\black animal lesbian hidden cock sm (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\IME\shared\japanese horse gay girls shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\IME\shared\danish nude fucking sleeping mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Templates\russian cum lesbian girls cock (Sandy,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\japanese nude sperm licking feet castration (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black kicking lingerie voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\tyrkish action sperm licking shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Windows Journal\Templates\bukkake [free] upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Google\Temp\swedish horse gay several models (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish porn lesbian [free] penetration (Jenna,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian handjob fucking [free] sm .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\lingerie catfight redhair (Jenna,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore uncut titts circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\russian nude horse lesbian young .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\japanese gang bang gay hidden leather .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\DVD Maker\Shared\italian handjob trambling several models hole high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lesbian girls hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese horse xxx [milf] titts wifey (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\malaysia xxx voyeur titts (Jenna,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\malaysia gay public hole wifey (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\kicking horse voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\cumshot blowjob [free] 50+ (Sonja,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\sperm catfight glans bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\blowjob [bangbus] hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese horse lingerie full movie hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\trambling hot (!) fishy (Sonja,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\indian porn fucking big redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\french horse licking titts femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\black nude trambling catfight glans .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\fetish xxx hot (!) leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\japanese fetish lesbian lesbian (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\Downloaded Program Files\gay [milf] (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\sperm [milf] bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\danish gang bang xxx full movie hole circumcision (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\gay [bangbus] feet latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\spanish trambling big (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\african xxx uncut black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish cumshot bukkake girls (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\asian beast lesbian mistress (Jenna,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\tyrkish beastiality horse masturbation titts stockings (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\african lingerie girls hole redhair (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian nude horse uncut (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\action sperm [bangbus] ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\animal hardcore several models titts femdom (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\danish horse hardcore uncut glans leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\italian horse lingerie [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\kicking gay public YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish cum fucking big YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\beastiality lesbian hidden titts .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\blowjob [free] glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\malaysia beast [milf] lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\blowjob hot (!) (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\german trambling several models upskirt (Anniston,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\blowjob [bangbus] balls .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\canadian trambling masturbation glans wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\trambling [free] lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\action lingerie sleeping titts stockings (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\african blowjob full movie cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\tyrkish gang bang trambling hot (!) bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast licking granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\norwegian horse licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\porn trambling hidden gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\swedish cum fucking [milf] sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\danish porn blowjob big .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\black action sperm [milf] hole YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\Temp\beast voyeur feet penetration (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\russian animal blowjob hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\french trambling [milf] redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\italian handjob blowjob several models stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\tmp\tyrkish fetish gay [bangbus] redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\cumshot sperm girls glans .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\security\templates\trambling [bangbus] hole .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\sperm [free] gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\japanese action lingerie sleeping feet (Ashley,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\InstallTemp\nude bukkake [milf] (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\spanish lingerie catfight (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\cum lesbian catfight castration .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\bukkake full movie (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\asian lingerie several models glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\fetish hardcore sleeping sm (Sonja,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\blowjob sleeping titts blondie (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\blowjob sleeping titts balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2916 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 2916 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 2916 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 2916 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 1892 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 1892 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 1892 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 1892 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 189.53.249.193.in-addr.arpa udp
US 8.8.8.8:53 161.9.221.165.in-addr.arpa udp
US 8.8.8.8:53 241.169.49.247.in-addr.arpa udp
US 8.8.8.8:53 81.237.148.65.in-addr.arpa udp
US 8.8.8.8:53 195.67.236.155.in-addr.arpa udp
US 8.8.8.8:53 68.149.232.105.in-addr.arpa udp
US 8.8.8.8:53 103.21.189.104.in-addr.arpa udp
US 8.8.8.8:53 151.141.81.117.in-addr.arpa udp
US 8.8.8.8:53 136.143.149.65.in-addr.arpa udp
US 8.8.8.8:53 136.161.216.200.in-addr.arpa udp
US 8.8.8.8:53 7.97.192.198.in-addr.arpa udp
US 8.8.8.8:53 78.187.69.145.in-addr.arpa udp
US 8.8.8.8:53 3.110.221.200.in-addr.arpa udp
US 8.8.8.8:53 59.218.253.231.in-addr.arpa udp
US 8.8.8.8:53 95.18.8.13.in-addr.arpa udp
US 8.8.8.8:53 128.135.83.58.in-addr.arpa udp
US 8.8.8.8:53 167.136.123.210.in-addr.arpa udp
US 8.8.8.8:53 234.66.233.27.in-addr.arpa udp
US 8.8.8.8:53 96.232.161.218.in-addr.arpa udp
US 8.8.8.8:53 111.232.18.174.in-addr.arpa udp
US 8.8.8.8:53 80.115.3.66.in-addr.arpa udp
US 8.8.8.8:53 47.203.146.185.in-addr.arpa udp
US 8.8.8.8:53 156.180.24.24.in-addr.arpa udp
US 8.8.8.8:53 98.192.98.27.in-addr.arpa udp
US 8.8.8.8:53 193.123.186.58.in-addr.arpa udp
US 8.8.8.8:53 9.102.16.200.in-addr.arpa udp
US 8.8.8.8:53 45.47.212.3.in-addr.arpa udp
US 8.8.8.8:53 4.120.37.62.in-addr.arpa udp

Files

memory/2916-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore uncut titts circumcision .avi.exe

MD5 204b32d81841ccec2466250c9409ae23
SHA1 73f79bea6f4908ac9e863e1bec22d30dce42c20e
SHA256 b3d4ae9ab8d850f7ad3769702fd1c5ab5f60ca279171e21a3a8dc3e03276af1f
SHA512 8b3a2731d2a2f5d8b5d0d7b826c78d4bba223515c216274749bab2e456963a3852675987e7ffd32bc6b7c726a95c498368be345ecd0523e088e0cf6ae016b7c0

memory/2916-80-0x0000000004BE0000-0x0000000004BFD000-memory.dmp

memory/1892-81-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1892-90-0x0000000004DD0000-0x0000000004DED000-memory.dmp

memory/2696-91-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-95-0x0000000000400000-0x000000000041D000-memory.dmp

C:\debug.txt

MD5 a82b119ca1535face51aa970cc4412c8
SHA1 224116329af6f5fdd4b6a58990d70a3cdaa91338
SHA256 d1fb0fbf1a031179710e6d76cf7d992c2acad8d7b6bede648909e2cc409bb421
SHA512 d1fdfa322758df97b68ed9d66d63362afa38de48c64708b1979f72315002eed70d4e8ca418b09024ca5b115c4fcd7bc3148772e53f4af326c2aabeb5c8b122cb

memory/1892-104-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2696-105-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-106-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-107-0x0000000004BE0000-0x0000000004BFD000-memory.dmp

memory/1892-110-0x0000000004DD0000-0x0000000004DED000-memory.dmp

memory/2916-111-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-114-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-117-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-122-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-125-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-128-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-131-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-134-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-137-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-140-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-143-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2916-146-0x0000000000400000-0x000000000041D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:47

Reported

2024-04-08 00:50

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\bukkake girls nipples 50+ (Sarah,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\chinese trambling licking hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\nude uncut beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\System32\DriverStore\Temp\nude masturbation YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\beastiality lesbian hot (!) gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\african sperm beast sleeping (Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\american lesbian masturbation pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob girls leather .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\norwegian action gay catfight ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\canadian action hardcore licking ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\blowjob gay catfight glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\cumshot handjob hot (!) high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian xxx catfight (Sarah,Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\handjob girls castration .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\nude [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\porn sleeping legs bondage (Sonja,Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\swedish horse cum catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\norwegian trambling cum [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish kicking [bangbus] mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian hardcore voyeur high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\chinese fucking cumshot licking wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Google\Temp\russian nude sleeping ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\swedish xxx gay catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Common Files\microsoft shared\norwegian lesbian trambling several models YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\chinese beastiality trambling [free] nipples (Melissa,Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\german porn several models nipples sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\asian fetish big .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\sperm cum lesbian titts castration .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\swedish sperm fucking hot (!) pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\fucking catfight leather .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\kicking hot (!) lady .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\canadian beastiality fetish [bangbus] boobs (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\french lesbian fucking voyeur ash upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\beast [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\beastiality girls girly .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\lingerie horse lesbian traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\norwegian hardcore several models titts high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\tyrkish beast lesbian 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lesbian beast girls legs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\canadian xxx handjob hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\norwegian lesbian lesbian hairy (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\japanese beastiality catfight wifey (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\gay masturbation 50+ (Anniston,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\InstallTemp\sperm catfight swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\british gang bang bukkake catfight titts .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\porn uncut hole .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\black horse gang bang catfight titts shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\japanese fetish nude [bangbus] hole young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\malaysia beast lesbian catfight granny (Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\porn horse big YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\cum [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\african beastiality handjob several models ash mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\spanish hardcore horse licking redhair (Samantha,Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\black cumshot catfight mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\animal [free] (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\bukkake beastiality several models .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\porn [bangbus] castration .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian lesbian hidden ¼ë .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\spanish gay horse girls granny .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\trambling horse [free] titts .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish gay beastiality licking glans hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\chinese fetish blowjob lesbian blondie (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\action cumshot hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\italian bukkake lingerie sleeping shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\trambling handjob licking feet 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\blowjob sperm full movie penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\black horse voyeur sweet (Karin,Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\african animal sleeping ash (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\russian action uncut beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\italian fetish voyeur upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\animal cumshot big sm .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\malaysia lesbian [free] ash .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian gay blowjob sleeping nipples black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\british beastiality several models nipples shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\african horse lesbian stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\chinese gay [milf] ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\indian horse hidden girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\japanese horse uncut boobs shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\malaysia gang bang handjob sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\kicking [bangbus] blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\brasilian gang bang sleeping glans stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\handjob hot (!) wifey (Kathrin,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\tyrkish handjob hidden pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\fucking sperm catfight gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\PLA\Templates\tyrkish sperm bukkake lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\malaysia fucking cum [milf] sm (Anniston,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\cum gang bang full movie granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\american horse cumshot [bangbus] sm (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\gang bang hardcore voyeur blondie (Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\american porn blowjob big hole .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french blowjob sleeping vagina traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\gang bang full movie balls .zip.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3980 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 3980 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 3980 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 3980 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 3980 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 3980 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 2880 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 2880 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
PID 2880 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe

"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 194.132.56.73.in-addr.arpa udp
US 8.8.8.8:53 53.223.169.170.in-addr.arpa udp
US 8.8.8.8:53 28.97.123.123.in-addr.arpa udp
US 8.8.8.8:53 209.228.62.11.in-addr.arpa udp
US 8.8.8.8:53 129.151.250.54.in-addr.arpa udp
US 8.8.8.8:53 243.73.154.135.in-addr.arpa udp
US 8.8.8.8:53 45.32.136.126.in-addr.arpa udp
US 8.8.8.8:53 147.169.2.86.in-addr.arpa udp
US 8.8.8.8:53 178.120.228.88.in-addr.arpa udp
US 8.8.8.8:53 194.50.149.45.in-addr.arpa udp
US 8.8.8.8:53 39.226.139.60.in-addr.arpa udp
US 8.8.8.8:53 40.202.136.92.in-addr.arpa udp
US 8.8.8.8:53 138.80.39.230.in-addr.arpa udp
US 8.8.8.8:53 147.152.185.33.in-addr.arpa udp
US 8.8.8.8:53 143.53.59.38.in-addr.arpa udp
US 8.8.8.8:53 242.241.140.125.in-addr.arpa udp
US 8.8.8.8:53 187.84.191.197.in-addr.arpa udp
US 8.8.8.8:53 243.243.181.252.in-addr.arpa udp
US 8.8.8.8:53 127.100.189.19.in-addr.arpa udp
US 8.8.8.8:53 253.10.217.234.in-addr.arpa udp
US 8.8.8.8:53 28.220.87.224.in-addr.arpa udp
US 8.8.8.8:53 248.54.207.143.in-addr.arpa udp
US 8.8.8.8:53 237.112.127.174.in-addr.arpa udp
US 8.8.8.8:53 158.112.243.166.in-addr.arpa udp
US 8.8.8.8:53 156.121.57.230.in-addr.arpa udp
US 8.8.8.8:53 229.110.61.82.in-addr.arpa udp
US 8.8.8.8:53 9.176.16.37.in-addr.arpa udp
US 8.8.8.8:53 191.201.201.6.in-addr.arpa udp
US 8.8.8.8:53 248.97.74.88.in-addr.arpa udp
US 8.8.8.8:53 103.103.128.7.in-addr.arpa udp
US 8.8.8.8:53 91.193.127.187.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 254.109.237.73.in-addr.arpa udp
US 8.8.8.8:53 17.91.229.107.in-addr.arpa udp
US 8.8.8.8:53 83.99.254.226.in-addr.arpa udp
US 8.8.8.8:53 119.47.100.57.in-addr.arpa udp
US 8.8.8.8:53 61.116.220.245.in-addr.arpa udp
US 8.8.8.8:53 129.239.153.211.in-addr.arpa udp
US 8.8.8.8:53 128.147.11.32.in-addr.arpa udp
US 8.8.8.8:53 39.96.209.229.in-addr.arpa udp
US 8.8.8.8:53 44.186.183.107.in-addr.arpa udp
US 8.8.8.8:53 82.227.101.97.in-addr.arpa udp
US 8.8.8.8:53 115.237.223.23.in-addr.arpa udp
US 8.8.8.8:53 196.253.69.105.in-addr.arpa udp
US 8.8.8.8:53 82.142.182.49.in-addr.arpa udp
US 8.8.8.8:53 246.79.249.152.in-addr.arpa udp
US 8.8.8.8:53 130.244.139.241.in-addr.arpa udp
US 8.8.8.8:53 1.22.215.125.in-addr.arpa udp
US 8.8.8.8:53 193.22.152.190.in-addr.arpa udp
US 8.8.8.8:53 212.235.234.54.in-addr.arpa udp
US 8.8.8.8:53 39.1.75.38.in-addr.arpa udp
US 8.8.8.8:53 60.145.82.4.in-addr.arpa udp
US 8.8.8.8:53 63.169.6.114.in-addr.arpa udp
US 8.8.8.8:53 161.231.195.239.in-addr.arpa udp
US 8.8.8.8:53 195.65.94.65.in-addr.arpa udp

Files

memory/3980-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian hardcore voyeur high heels .zip.exe

MD5 01a7632d9994b517820e9c41ed53e6f2
SHA1 977fda72a413c1f2c295dec28554de7112a33013
SHA256 c2b91fc9d47c3066d4432bd4724ab2af314480377248f57d8b1bf74fbedfeb8b
SHA512 1335e62c61f1ed0a9118d283c46783c4448fcfa17f9126417ec02ddc5d1ba8cfc929595f4c47ac76557a69368388831744b8fced89bd88269965acf4fc14c915

memory/2880-26-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4804-154-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4948-158-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-185-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2880-186-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4948-188-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4804-187-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-190-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-191-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-197-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-207-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-211-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-216-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-220-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-224-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-228-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-232-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-236-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-240-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-244-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3980-248-0x0000000000400000-0x000000000041D000-memory.dmp