Malware Analysis Report

2024-11-30 04:13

Sample ID 240408-a7a8vabg92
Target ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba
SHA256 ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba
Tags
persistence spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba

Threat Level: Known bad

The file ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:50

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:50

Reported

2024-04-08 00:53

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1844 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
PID 1844 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
PID 5020 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

Network

Country Destination Domain Proto

Files

memory/1844-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian animal xxx hidden bondage .mpeg.exe

MD5 9dfec8e7384db05359d795b8e20be9cc
SHA1 fefcf2a55a557b2a2b78109ab50855e64ac824cc
SHA256 a976f9261862b14c63d08046b54dd79e841f0abf03d7df424e9ccca5662676aa
SHA512 ffbb4ceae1b5516e664036610f4954d265e3b772625d1ec4093609ea582c4c1cf595eec6ded2cd3e47c42ca910fb6f331d45618f06cb20c4b805fe7fc085151f

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:50

Reported

2024-04-08 00:53

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A

Enumerates connected drives

Description Indicator Process Target

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\sperm big hole leather .zip.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\african horse big bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian beast licking fishy (Sonja,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\Downloaded Program Files\indian cum lesbian catfight hole stockings (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\security\templates\danish animal trambling hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\animal horse [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\black gang bang trambling licking black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\beastiality xxx hidden circumcision (Britney,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\fucking masturbation femdom (Britney,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\beast [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\SoftwareDistribution\Download\black gang bang trambling uncut hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\horse lingerie [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\chinese lingerie masturbation hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\spanish blowjob uncut cock castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\gang bang blowjob uncut cock gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore big ash .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish animal bukkake hot (!) (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\fetish horse catfight castration (Jenna,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\action gay big titts hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\tyrkish horse gay masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish fetish hardcore catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\malaysia fucking girls cock hairy (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\sperm full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\assembly\tmp\horse girls bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\chinese blowjob public titts upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\asian fucking masturbation bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian action gay uncut lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\spanish gay voyeur feet .avi.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\norwegian lesbian lesbian glans girly (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\indian nude gay several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian nude hardcore [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2796 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
PID 2496 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"

Network

Country Destination Domain Proto

Files

memory/2796-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\indian nude horse girls balls .zip.exe

MD5 73f411b8de13b93c9c1436531d2de7f9
SHA1 741d2b2531c6cdbb8c1ffd38cf19fd52c51524e1
SHA256 e9226bebce0365fd87343f36283e37994a4f882c783b80688ead1e7b45c91aa6
SHA512 875bdcdc039cde3733d9dce77ad14da75648f271fb41a71a8d4819f9fe1997f84f5022eb963983a64e70080afc1f7d8a68edde40252e5fbe259abcbc0844ff69
